Audit Committee Bulletin: October 2013
Internal audit must evolve
Management and audit committees are looking for greater value from internal audit.
This is in response to the heightened expectations of consumers, investors and regulators demanding greater transparency into the organization’s activities. To deliver what’s required, internal audit will need to evolve rapidly.
Audit committees are key stakeholders of internal audit and are considered to be the eyes and ears of the organization to oversee risks and controls. They need to pay attention to the internal audit’s activities and ensure they are suitably skilled to respond to the new challenges.
Our survey identifies four areas to consider:
- Expanding mandate
The audit function must strike the right balance between assurance and advisory activities. This will vary from one organization to another, and will shift as the organization evolves and its strategic objectives, goals and risk tolerances change.
- Increasing scope
The scope of internal audit work needs to reflect the changing risks that the organization faces. Economic stability topped the list of respondents’ emerging risk concerns, followed by cybersecurity, major shifts in technology, strategic transactions in global locations and regulations around data privacy (see chart below).
- Increasing competency requirements
Internal audit functions need to adjust competency and training efforts to ensure they have the right skills to meet audit plan requirements and management expectations.
- Evolving internal audit function composition
As business needs increase in complexity, so do resource requirements. Apart from hiring internally, internal audit functions have a number of other options available to supplement staffing shortages or resource gaps.
Questions for the audit committee:
- How have the challenges confronting your internal auditteam changed over the past several years?
- What specific challenges are associated with theheightened focus on risk, including risks associated withcybersecurity, compliance and strategy?
- What organizational approach is internal audit taking? Has it changed its structure in recent years?
- What kind of analytic tools is internal audit using? How is it applying them?
- How do you build a good relationship with the chiefaudit executive and their team?
What are the top emerging risks that your organization is tracking or monitoring?