Vaktechnische Publicaties

As governance and monitoring functions collaborate more closely to avoid duplication of effort, internal audit may be asked to take on responsibilities for risk management, compliance, regulatory oversight, and other governance activities. The chief audit executive (CAE) plays a critical role in navigating between internal audit’s traditional role and assuming responsibilities for risk management, compliance, and other governance functions. The CAE should be held accountable for preserving independence and objectivity, communicating with management and the board, and confirming management’s acceptance of risk to internal audit’s independence and/or auditor objectivity. To navigate through these competing challenges, internal auditors can look to The IIA’s guidance on effective risk management and control, and promulgated standards related to independence and objectivity.  

What do board members and C-suite executives view to be the top risks for their organizations this year? Not surprisingly, according to an annual survey from North Carolina State University’s ERM Initiative and Protiviti, regulatory changes, the economy and cyberthreats top their lists of concerns.

In last year’s Pulse of Internal Audit report, The IIA challenged the profession to address emerging risks by realigning audit coverage continuously — to audit “at the speed of risk.” Today, the challenge remains to move beyond annual planning and typical audit areas. The consequences of a toxic culture, the destructive impact of a cyberattack, the exponential growth in the collection and reliance upon data — these represent just a sampling of today’s risks that increasingly fall outside of the traditional comfort zone in which many auditors operate. As risks change, as new risks emerge, and as stakeholder expectations continue to evolve, internal auditors must move out of their comfort zone to audit at the speed of risk. This year’s IIA Pulse of Internal Audit survey focused on areas where changes in the business environment, changes in technologies, and changes in people are affecting the risk environment for organizations. How are internal auditors keeping up with these changes? In a bygone era, audit professionals carved out a comfort zone focused on financial and operational risks. The results from the survey highlight opportunities for internal audit to move out of the comfort zone. High-profile scandals and organizational failures that have littered the landscape over the past year point to the critical role of culture in the governance of organizations. Unfortunately, only 42 percent of survey respondents are addressing the culture in their organizations. Lack of management and board support for internal audit’s involvement in culture, and lack of internal audit’s ability to identify and measure organizational culture, are closely associated with internal auditors avoiding this risk. The issue of cybersecurity continues to present itself as a major topic of concern for organizations. Most survey respondents believe prevention is the most important response to this risk. While not ignoring the critical role of preventing cyberattacks, it has proven to be naive for many organizations to assume they can prevent a successful attack. Organizations must be prepared to respond to cyber risks, and the survey results indicate they may not be as prepared as they should be. In addition, while internal auditors recognize this risk, the majority (52 percent) acknowledge lack of expertise among internal audit as an obstacle to addressing cybersecurity risk as they should. Increasingly, organizations are using more data — and in more sophisticated way — to drive decisions. Internal auditors are not as involved in all aspects of data use and only 29 percent are very or extremely confident in the strategic decisions their organizations make based on the data it collects and analyzes. Interpersonal skills have never been more important for internal auditors. Most CAEs are not satisfied with the level of these skills in their teams. Less than half of survey respondents reported their teams have more than a moderate level of proficiency in soft skills. The data suggests significant room for growth. Risks keep evolving and growing and there are areas where internal audit has to move out of its traditional comfort zone and catch up to the risks. Shifts in mindset and sense of urgency are necessary for internal audit to meet and exceed the needs of their organizations — and to become trusted advisers.  

Regional Relections: Latin America is a customized research report that provides a Latin American perspective on the indings from CBOK 2015, the largest ongoing study ofinternal audit professionals in the world. Building on the 10 imperatives for internal audit that were presented at he IIA’s 2015 International Conference, this report highlights unique concerns for Latin America and provides insights from several internal audit leaders in the region. In addition, an appendix at the end of this report gives key demographics about survey respondents from Latin America. In many ways, internal auditors in Latin America perform well in comparison with their colleagues around the world. hey have strong relationships with stakeholders, often align well with the strategic objectives of their organizations, and have high levels of expertise in automated audit technologies. Having their performance pegged to the expectations of stakeholders, they are well placed to satisfy their customers and create real value to the businesses in which they work. However, there are improvements to be made. Too few chief audit executives (CAEs) primarily report functionally to the boards of their organizations, a situation that can compromise their departments’ performance. Management stakeholders can have excessive inluence over the annual audit plan and how the work of internal audit is perceived. A strong relationship with these stakeholders can be a double-edged sword, causing some auditors to focus too much on compliance and not enough on mission-critical projects. It is perhaps not surprising that 1 out of 3 CAEs say they have had pressure put on them to alter valid audit indings, and the source of the pressure is usually the CEO. Latin America needs a larger number of boards, and those boards also need to be efective and supportive of internal audit.  If conformance to he IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) is relatively low when compared to global averages, and the proportion of people who hold IIA certiications is equally low, change is on the way. IIA ailiate bodies are working with the region’s governments to reduce the constraints on internal audit exerted by out-of-date regulations. CAEs are educating their boards and management about the value of the Standards, and individuals spend more hours in training than almost anywhere else in the world. he region’s internal auditors are moving forward.

Effectively Leverage Your Most Valuable Asset Regardless of organization size, sector, or industry, people are an organization’s most valuable asset. Ensuring the internal audit activity is adequately staffed is just one piece of the puzzle. It must comprise the right people, who have the right skill sets, and who are afforded the right opportunities for growth and development if internal auditing is to add real value and meet stakeholder expectations. Talent Management: Recruiting, Developing, Motivating, and Retaining Great Team Members outlines best practice recommendations for the various elements — everything from assessing competencies and selecting candidates to training and succession planning — that make up an organization’s talent management strategy. This is for members only. To access it and other valuable resources, become a member today. Non members: Purchase ($ 25,-) the practice guide, “Talent Management"