Effective internal auditors are working to improve their alignment with organizational strategies and risk management, according to a new survey. We are seeing many IA functions move away from compliance activities which often becomes a department in itself, with forward thinking, risk and commercially focussed IA functions requiring a broader more flexible skillset........
(Report originally published on financialexecutives.org 09/07/15)
Effective internal auditors are working to improve their alignment with organizational strategies and risk management, according to a new survey.
“Driving Success in a Changing World,” released this week by the IIA Research Foundation, identified the need to develop forward-looking risk management practices, align the internal audit function with strategic plans, and improving stakeholder communications as among the leading imperatives for internal auditors.
The study says a strong internal audit function has an opportunity to increase its value by helping line-of-business leaders address fast-moving strategic, technological and regulatory risks.
“Internal audit needs to demonstrate its willingness and ability to overcome the new challenges posed by today’s dynamic business environment,” said IIA President and CEO Richard F. Chambers. “The tools, techniques and insights provided by the 10 Imperatives report provide a strong foundation for getting started.”
One of the key imperatives identified by the IIA report is understanding how risks such as geopolitical events, environmental change and rapid advances in technology can affect an organization.
In the study, chief audit executives (CAEs) said operational risks stemming from these challenges, cited by 72 percent of respondents, will represent the area receiving the greatest amount of their attention. Operational risks were followed by strategic business risks (70 percent) and compliance and regulatory risks (62 percent).
According to the study, the organization’s strategic initiatives and the resulting risks should provide a basis for its annual audit plan. To provide effective support, internal auditors should understand not only strategic, legal and compliance risks, but also the organization’s industry and the trends shaping organizational decisions and performance.
“Internal audit leaders need to do more to educate their teams about the organizations in which they operate,” the study says. “Individual auditors can act to acquire industry specific certifications to enhance their understanding of the business and to help build personal credibility with management.”
In many organizations, though, strong alignment with business units remains aspirational. Half of the survey respondents (57 percent) say their internal audit departments are fully or mostly aligned with the organization’s strategic plan. And despite the dynamic nature of evolving risks, only about a third of the respondents say they update their annual audit plan three or more times a year.
Another key aspect of an effective internal audit function cited by the survey is consistent communication with audit committee members and business unit leaders.
In the survey, 89 percent of CAES based in North America say they have active relationships with their audit committees, compared with 79 percent in the global average. In addition to formal meetings with the audit committee, CAEs said they often provide behind-the-scenes advice to audit committee members and other stakeholders to keep them up-to-date and to better understand their concerns.
The study said this type of informal communication provides a helpful way for internal auditors to enhance their credibility, develop effective business awareness, and adopt a pragmatic approach to their work.