PricewaterhouseCoopers is seeing security risks to internal auditors, along with economic uncertainty and regulatory risks.
In the firm’s
The survey indicated that other significant risks have emerged, and businesses are asking internal audit to play an bigger role in helping companies navigate the changing risk landscape. While concerns about further economic uncertainty continue to be the main ones for business leaders, issues such as fraud and ethics, mergers and acquisitions, large programs, new product introductions, and business continuity were identified among the top risks affecting businesses.
“The floor for providing an effective internal audit function is a lot higher than it used to be,” said Brian Brown, a partner in PwC’s risk assurance practice who provides outsourced internal audit functions for the firm.
The single most requested area for increased internal audit focus was data privacy and security, with 46 percent of stakeholders asking for added capabilities in this area. With regulations escalating and evolving, the second largest requested area for increased focus involves regulations and government policies, with 32 percent of stakeholders asking internal audit to get more involved in supporting the business in understanding and managing this risk.
“As an internal audit leader, you need to know where your stakeholders are and what their perceptions of risk are,” said Brown. “Everyone is dealing with scarce resources."
Survey respondents indicated that they were concerned about areas such as fraud and ethics, data security and privacy, and mergers and acquisitions, he noted. There were large gaps between the perceptions of internal auditors and other stakeholders about how those particular areas are managed. Only 33 percent of the chief audit executives in the survey felt that mergers and acquisitions were well managed, for example.
“The lesson for companies is to make sure that the stakeholders and internal auditors understand the difference in opinions and bridge them in some way,” said Brown.
The report found that internal audit groups at leading companies provide stakeholders with advice on risks and controls rather than just reporting on gaps. Seventy-eight percent of the survey respondents whose companies were better at managing risk said their chief audit executives played a more active role during executive meetings, compared to only 61 percent of companies that are behind. In addition, they take into consideration the organization’s enterprise risk management process and adapt their approach quickly when changes are needed.
To download a full copy of the report, visit
