Audit Committee Bulletin: October 2013

Internal audit must evolve

  • Share

Management and audit committees are looking for greater value from internal audit.

This is in response to the heightened expectations of consumers, investors and regulators demanding greater transparency into the organization’s activities. To deliver what’s required, internal audit will need to evolve rapidly.

EY chart – top emerging risks tracked by audit committees

Audit committees are key stakeholders of internal audit and are considered to be the eyes and ears of the organization to oversee risks and controls. They need to pay attention to the internal audit’s activities and ensure they are suitably skilled to respond to the new challenges.

Our survey identifies four areas to consider:

  1. Expanding mandate

    The audit function must strike the right balance between assurance and advisory activities. This will vary from one organization to another, and will shift as the organization evolves and its strategic objectives, goals and risk tolerances change.

  2. Increasing scope

    The scope of internal audit work needs to reflect the changing risks that the organization faces. Economic stability topped the list of respondents’ emerging risk concerns, followed by cybersecurity, major shifts in technology, strategic transactions in global locations and regulations around data privacy (see chart below).

  3. Increasing competency requirements

    Internal audit functions need to adjust competency and training efforts to ensure they have the right skills to meet audit plan requirements and management expectations.

  4. Evolving internal audit function composition

    As business needs increase in complexity, so do resource requirements. Apart from hiring internally, internal audit functions have a number of other options available to supplement staffing shortages or resource gaps.

Questions for the audit committee



What are the top emerging risks that your organization is tracking or monitoring?

EY chart – top emerging risks tracked by audit committees ×