The internal audit function needs to transition to operate across the entire risk governance framework at financial services firms, according to a new report from Ernst & Young.

The report examines the changing role of internal auditors as they come under increased pressure from audit committees, regulators and audit executives to play a larger role in safeguarding against risks at banks and other financial institutions. The financial crisis ushered in a host of new standards and requirements that financial services companies and their outside auditors needed to comply with, and the internal audit function has been pressed to meet ever heavier demands.

The report suggests the internal audit function needs to refocus to prioritize the largest risks, rather than dedicating a disproportionate amount of resources to low-risk areas at financial services firms. Internal auditors also should take advantage of new methods and tools, particularly data analytics technology, to provide continuous monitoring of their companies’ financials.

Financial services companies ought to adapt their recruitment strategies so they can hire professionals with the needed skills to produce reliable risk assessments.

“The largest challenge that internal audit will face in the future is its ability to deploy audit staff of the right caliber,” said the report, co-authored by Stephen Gregory, EMEIA financial services risk leader at EY, and Mark Watson, executive director of financial services risk advisory at the firm.

However, costs will present a problem for many companies as they try to expand their internal audit function to meet these needs. “The significant reduction in financial leverage since the financial crisis, combined with increases in compliance costs and the impact of competition from new entrants, have brought in questions about the long-term sustainability of many firms’ business models,” said the report. “Cost-reduction programs offer scope to address these issues in the short term, but firms may require radically different structures and operating models to lower operating costs far enough.”

Despite the costs, the necessary safeguards need to be in place to protect against the most urgent risks, or else the financial industry will inevitably find itself facing another crisis in the perpetual boom and bust economic cycle.