Report IV of the Common Body of Knowledge Study (CBOK) provides insight identifying perceived changes in the roles of the internal audit activity over the next five years to adapt to changes in stakeholder expectations. This report presents emerging trends in the internal audit profession, taking into consideration governance, risks, controls, compliance, and technology issues. This analysis is based on 13,582 responses of IIA members and nonmembers in more than 107 countries. Salient responses from chief audit executive (CAEs), internal audit staff, and managers are presented in this report.
Legal, Regulatory and Governance, and Internal Control Factors
There is a clear expected convergence trend when it comes to the governance and internal control contexts. More specifically:
a. The governance and internal control contexts are expected to improve most significantly in regions with a higher representation of emerging countries that are represented in this study. Organizations in these countries are projected to be attempting to catch up with those in more developed countries.
b. Respondents from privately held firms are anticipating that their firms will be attempting to catch up with their listed counterparts.
c. Respondents from smaller organizations are likewise projecting that their organizations will be seeking to catch up with their larger counterparts.
Expected Evolution of the Roles of the Internal Audit Activity
The role of the internal audit activity in risk management and governance will continue to increase to become accepted from the perspective of internal audit practitioners as the two most important cornerstones of the profession.
Respondents expect an increase in the next five years in the role of the internal audit activity in:
- Training audit committee members.
- An advisory role in strategy development.
- An education role for the organization’s personnel.
The proportion of CAEs and managers that expect increases in involvement in strategy development and training to audit committee members is higher than in the other groups of respondents.
Respondents indicate that adopting a more intensive role in risk management and governance necessitates the allocation of additional resources to the internal audit activity (i.e., increase in staff size, audit tools, and techniques).
The top five activities that respondents’ internal audit activities performed in 2010 were:
1. Operational auditing (89 percent of respondents).
2. Audits of compliance with regulatory code (including privacy) requirements (75 percent of respondents).
3. Auditing of financial risks (72 percent of respondents).
4. Investigations of fraud and irregularities (71 percent of respondents).
5. Evaluating the effectivenesss of control frameworks (i.e., using COSO and COBIT) (69 percent of respondents).
The top seven activities that respondents expect to be performed in the next five years are:
1. Corporate governance reviews (23 percent of respondents).
2. Audits of the enterprise risk management process (ERM) (20 percent of respondents).
3. Reviews addressing linkage of strategy and company performance (e.g., balanced scorecard — 20 percent of respondents).
4. Ethics audits (19 percent of respondents).
5. Social and sustainability audits (19 percent of respondents).
6. Migration to International Financial Reporting Standards (IFRS) (19 percent of respondents).
7. Disaster recovery testing and support (18 percent of respondents).
When compared with internal audit staff (not managers or supervisory level staff), a higher percentage of CAEs have expectations that all seven activities will be performed in the next five years.
Audit Tools and Techniques
The top five audit tools and techniques that are predicted to be used more in the next five years are:
1. Computer-assisted audit techniques (CAATs) (63 percent of respondents).
2. Electronic workpapers (55 percent of respondents).
3. Continuous/real-time auditing (54 percent of respondents).
4. Data mining (52 percent of respondents).
5. Risk-based audit planning (52 percent of respondents).
The top five responses indicate an expected trend to improve the efficiency of internal audit work consistent with the growing importance of risk management as one of the two cornerstones of the profession. In line with the need to optimize internal audit resources, those internal audit activities that expect an increase in their staff size in the next five years also expect the highest increase in the use of all five tools and techniques. This report provides a portrait of emerging trends in the internal audit profession by understanding the functions internal auditors perform today and expectations for the future.
Members of IIA Netherlands can download the full report here.