Internal auditors should not be deterred by regulatory reforms, but need to give extra scrutiny to risks in areas such as corporate communications and environmental, health and safety regulations, according to a new report.
The
Information shared with investors, customers and other stakeholders through means other than financial statements can have an impact on an organization as much as a glaring error in a 10-K report, the IIA noted. According to the IIA’s 2017 North American Pulse of Internal Audit survey of more than 500 chief audit executives, internal audit directors and senior managers, 66 percent said they have high concerns about reputational risks associated with inaccurate, incomplete or misleading information.
However, only 9 percent provide assurance in this area other than internal audit’s review of formal financial reports. In addition, 20 percent of the survey respondents indicated they are not aware of any assurance being provided on non-traditional communications.
In terms of environmental, health and safety risks, the IIA noted that in 2015, U.S. organizations paid more than $13.3 billion in EPA and OSHA fines. However, less than half of the chief audit executives who responded to the survey said they include EHS risks in their audit plans.
The use of data analytics by internal audit is on the rise, with more than 9 out of 10 respondents saying they include data analytics in their audits. More than 4 in 10 indicated they “always” or “frequently” use data analytics in their audits, according to the survey. But more than half the survey respondents indicated poor analytics design led to extra work and inefficiency that probably could have been avoided through proper planning and resourcing.
Negative exchanges between internal audit and its clients can also hurt the effectiveness of the internal audit functions. Half the survey respondents said a negative exchange could have an impact on the ability to conduct an audit (with 50 percent of them saying yes or maybe).
The IIA report,
“Courage is a character trait top audit leaders will need to exhibit not just in dealing with the evolving risk landscape, but also in addressing areas that may be taboo or historically overlooked,” said IIA president and CEO Richard F. Chambers in a statement. “We believe this demonstration of fortitude by CAEs will help build a poised and assertive audit function that is valued by stakeholders and benefits the entire organization.”