Literature Review on Internal Audit
Survey finds internal audit risk assessments inconsistent Year: August, 2007 The report suggests that internal auditing needs to identify areas of high and moderate risk that are part of the internal audit plan but have been deferred or cancelled because of the organization’s focus on Sarbanes-Oxley Section 404. It recommends that chief audit executives (CAEs) revisit the budgets, skills, and capabilities needed to achieve a comprehensive, balanced, and risk-based approach to auditing, as well as develop a process to advise the audit committee and senior management about emerging risks.
In other findings, internal audit leaders say their greatest challenge is finding enough qualified talent to address the growing and increasingly complex needs of their stakeholders.
To help address this problem, rotational staffing has become a key source of talent for more than 80 percent of respondents from Fortune 500 companies. Additionally, the report notes that audit departments are using report ratings, such as satisfaction or number scales, with mixed results.
Although many CAEs say ratings allow them to communicate the potential level of exposure and risk associated with audit findings, 56 percent say ratings often create friction at their organizations and slow down the audit process. Finally, 43 percent of respondents use some form of continuous auditing or monitoring in their audit operations. The PwC report is available from the company’s Web site, www. pwc. com/internalaudit. Reference: http://findarticles. om/p/articles/mi_m4153/is_4_64/ai_n27348378/ PwC Study: Internal Audits Lack Strategy for Risk Assessment Year: May 21, 2007 There continues to be a lack of consistency around the assessment of risk by internal auditors, according to the third annual study of current issues for the internal audit profession conducted by PricewaterhouseCoopers. A number of divergent and conflicting trends related to risk assessment are a concern among internal audit executives.
Although there is growing interest in enterprise risk management (more than 80 percent of respondents reported they conduct an annual enterprise-wide risk assessment), only a handful of those surveyed said they update the internal audit risk assessment continuously, while 64 percent may be doing little or nothing between annual assessments. At one-third of the companies surveyed, multiple enterprise-wide risk assessments are being conducted across the organization.
Of this group, only 20 percent consider these assessments “well” aligned, while 50 percent said they are “somewhat” aligned and 30 percent said they are “not well” aligned, with little or no coordination among the parties making the assessments. PwC said six imperatives should be considered when strengthening the internal audit risk assessment process, as suggested by the study: Adopt a process approach to risk assessment and planning.
Supplement annual risk assessments with quarterly or more frequent updates. Leverage your prior assessment results. Align and leverage risk assessments. Seek out the specialized talent you need. Coordinate effectively with other risk management groups. “Today, there is a growing awareness among chief audit executives of the importance of linking risk assessments and effective audit coverage,” said Richard Chambers, managing director with internal audit services at PwC. To help strengthen risk management within their companies, audit groups must focus on assessing risk on an ongoing basis and continue to monitor and update their enterprise-wide risk assessments. ” In the areas of finance, compliance, and operations — sectors that might be characterized as traditional areas of focus for internal audit — respondents expressed fairly high degrees of confidence (64, 49, and 43 percent respectively) in their audit coverage of these types of risks.
However, they were significantly less confident with their audit coverage when dealing with risks in the areas of technology, fraud, and strategic or business risks. The 2007 study also found that internal audit groups reporting to the CFO organization devote more time to Sarbanes-Oxley compliance than groups that report directly to the audit committee or the CEO. According to the study, only 31 percent of internal audit functions reporting directly to the audit committee or the CEO devote more than 50 percent of their time to Sarbanes-Oxley compliance.
By contrast, 46 percent of those who report directly to the CFO indicated that they dedicated more than 50 percent of their time to the Act during 2006. The study found that when internal audit reports to a level below the CFO in the finance organization, such as to the controller or treasurer, the time commitment to Sarbanes-Oxley compliance increases dramatically, with 69 percent of these internal audit functions reporting spending more than 50 percent of their time addressing compliance with the Act. Given the disparity of time dedicated to compliance with Sarbanes-Oxley depending on reporting relationships, these survey results naturally beg the question as to who is actually directing the focus and deployment of corporate audit resources,” added Anderson. Reference: http://www. accountingnet. com/x57724. xml Study: Impact of Economy on Internal Audit Profession *By: (SmartPros*) Year: June 15, 2009 The results of a new IIA survey have revealed perspectives on the cause and effects of the financial meltdown, as well as the views of internal auditors regarding how they are responding to the new economic and business environment.
Speaking to a gathering of more than 2,000 internal auditors from around the world at The Institute of Internal Auditors’ (IIA’s) international conference held in mid-May in Johannesburg, South Africa, IIA President Richard Chambers, CIA, shared key results from the survey which reflected responses from 1,665 internal auditors in 57 countries. “This survey data gives us a global snapshot of how internal auditors view what has happened and how they are dealing with it,” said Chambers. “It also tells The IIA what we should look at closer for more in-depth analysis and development of new guidance. Three major areas of realization emerged from the survey results. Internal auditors’ views are split on whether risk management could have played a mitigating role in the financial crisis, and a majority felt there were more things internal audit activities could have done soften its impact. Organizations are redirecting their internal audit resources to cover recession-related risks. And within organizations receiving stimulus or rescue funds, more than a third of internal audit activities have not addressed risks related to the funding.
The recession has had a trickle-down effect that has impacted the resources of internal audit functions. The European literature review on internal auditing: *How the internal audit function is changing in response to the shifts in global business practices*? Year: 2006 Purpose – By conducting the 2006 global Common Body of Knowledge (CBOK) study, The Institute of Internal Auditors (IIA) attempts to better understand the expanding scope of internal auditing practice throughout the world.
The purpose of this review of recent internal auditing literature in Europe is to document how the internal audit function is changing in response to the shifts in global business practices. Design/methodology/approach – The literature in Europe is reviewed with a focus on developments that have implications for the expanded scope of internal auditing and the changing skill sets of internal auditors and their role in enhancing good corporate governance. This focus has implications for CBOK 2006.
Findings – The literature indicates changes in the activities performed by internal auditors. The increasing complexity of business transactions, a more dynamic regulatory environment in Europe, and significant advances in information technology have resulted in opportunities and challenges for internal auditors. Although in 2004, The IIA responded to the changing organizational environment by updating the professional practices framework, more work needs to be done to prepare internal auditors for the expanded set of skills and knowledge required to perform audits of the future.
Originality/value – By presenting an overview of past literature in Europe and discussing the shifting demands on internal audit services, the researchers hope to motivate further research in the field. PricewaterhouseCoopers’ 2010 Global Internal Audit Study: Internal Auditors Should Serve as Strategic Advisors on Risk Assessment and Management *Year: April 1 ,*2010 NEW YORK, April 1 /PRNewswire/ — PricewaterhouseCoopers’ sixth annual Global State of the Internal Audit Profession survey found that with global ndustries, economies and regulatory environments forever altered by the recent financial crisis, strategic risk management has become a key issue for business leaders. According to the 2010 survey of more than 2,000 executives from more than 50 territories, internal audit professionals have the companywide visibility and mandate to lead their organizations in enhancing this capability. This year’s survey also demonstrated that, to remain relevant and meet stakeholder demands, internal audit must evolve to an enhanced “Internal Audit 2. 0″ state that provides business leaders with actionable business risk intelligence. The financial crisis caused a heightened scrutiny of companies’ risk management practices, as many have blamed the crisis on poor risk management,” said Brian Brown, principal and Internal Audit Advisory Services leader at PwC. Brown added that, “CEOs across all industries are looking to upgrade their enterprise-wide risk management capability to better prepare for success in what is expected to continue to be a very challenging business environment. Needs and expectations for internal audit have never been higher, so the key question is whether internal audit is delivering.
There is also a challenge in building consensus for an expanded and more strategic role for internal audit,” said Brown. The 2010 State of the Internal Audit Profession study identifies three critical focus areas for internal audit departments: • Critical risks and issues; • Aligning internal audit’s value position with its stakeholder’s expectations; and • Matching the staffing model with that value proposition However, these are also the three areas where internal audit leaders believe they have the most room to improve. What senior executives should take away from this survey is that, for an internal audit team to assume the role of strategic partner, members must employ highly experienced and skilled professionals who can pinpoint trouble spots, synthesize a lot of data, better utilize technology and help the organization be more successful in a very challenging business environment,” Brown said. With these new challenges in mind, PwC believes internal audit must take a more radical approach to change than it has in the past, and rethink and redefine the way it works. The survey outlines several important steps that should be taken: • Start with a plan Rethink risk assessment practices • Fill the skills and capabilities gap • Align with other assurance functions • Focus on obtaining ROI from technology “In this year’s survey, we introduced the concept of ‘Internal Audit 2. 0’ to start organizations thinking about dramatic change,” said Brown. “As internal audit confronts new and continually changing needs and expectations, it must take the initiative to redefine its role. That means expanding its skill sets and preparing to take a leadership role as a more powerful resource for senior leadership, directors and boards in aligning strategy and risk identification, control and mitigation. “