PricewaterhouseCoopers is seeing security risks to internal auditors, along with economic uncertainty and regulatory risks.

In the firm’s 2012 PwC State of the Internal Audit Profession study, global economic uncertainty tops the list as the biggest perceived risk to companies this year, according to nearly three-quarters of the chief audit executives polled and other survey respondents. This year, in addition to CAEs, PwC also surveyed other stakeholders, including audit committee chairs and board members. PwC surveyed 1,530 executives from 16 different industries and 64 countries, including 870 CAEs.

The survey indicated that other significant risks have emerged, and businesses are asking internal audit to play an bigger role in helping companies navigate the changing risk landscape. While concerns about further economic uncertainty continue to be the main ones for business leaders, issues such as fraud and ethics, mergers and acquisitions, large programs, new product introductions, and business continuity were identified among the top risks affecting businesses.

“The floor for providing an effective internal audit function is a lot higher than it used to be,” said Brian Brown, a partner in PwC’s risk assurance practice who provides outsourced internal audit functions for the firm.

The single most requested area for increased internal audit focus was data privacy and security, with 46 percent of stakeholders asking for added capabilities in this area. With regulations escalating and evolving, the second largest requested area for increased focus involves regulations and government policies, with 32 percent of stakeholders asking internal audit to get more involved in supporting the business in understanding and managing this risk.

“As an internal audit leader, you need to know where your stakeholders are and what their perceptions of risk are,” said Brown. “Everyone is dealing with scarce resources."

Survey respondents indicated that they were concerned about areas such as fraud and ethics, data security and privacy, and mergers and acquisitions, he noted. There were large gaps between the perceptions of internal auditors and other stakeholders about how those particular areas are managed. Only 33 percent of the chief audit executives in the survey felt that mergers and acquisitions were well managed, for example.

“The lesson for companies is to make sure that the stakeholders and internal auditors understand the difference in opinions and bridge them in some way,” said Brown.

The report found that internal audit groups at leading companies provide stakeholders with advice on risks and controls rather than just reporting on gaps. Seventy-eight percent of the survey respondents whose companies were better at managing risk said their chief audit executives played a more active role during executive meetings, compared to only 61 percent of companies that are behind. In addition, they take into consideration the organization’s enterprise risk management process and adapt their approach quickly when changes are needed.

To download a full copy of the report, visit

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access