According to the third annual study of current issues for the internal audit profession conducted by PricewaterhouseCoopers, a number of divergent and conflicting trends related to risk assessment are a concern among internal audit executives.
Although there is growing interest in enterprise risk management (more than 80 percent of respondents reported that they conduct an annual enterprise-wide risk assessment), only a handful of those surveyed said that they update the internal audit risk assessment continuously, while 64 percent may be doing little or nothing between annual assessments.
The study also found that there continues to be a lack of consistency around the assessment of risk.
“Audit committees are losing patience with multiple risk assessments that don’t say the same thing,” said PwC partner Dick Anderson, in a statement.
The study concluded that six imperatives should be considered when strengthening the internal audit risk assessment process, including:
- Adopting a process approach to risk assessment and planning;
- Supplementing annual risk assessments with quarterly or more frequent updates;
- Leveraging your prior assessment results;
- Aligning and leveraging risk assessments;
- Seeking out specialized talent; and,
- Coordinating effectively with other risk management groups.
In the areas of finance, compliance, and operations -- sectors that can be characterized as more traditional areas of focus for internal audit -- respondents expressed fairly high degrees of confidence (64, 49, and 43 percent respectively) in their audit coverage of these types of risks. However, they were significantly less confident with their audit coverage when dealing with risks in the areas of technology, fraud, and strategic or business risks.
A full copy of the report, “PricewaterhouseCoopers 2007 State of the Internal Audit Profession Study: Pressures Build for Continual Focus on Risk,” is available at
