Fraud risk management, auditing IT, and business continuity management are ranked among the top areas which internal audit funtions need to improve, reveals the second "Mainland China and Hong Kong Internal Audit Capabilities and Needs Survey" conducted by business consultancy firm Protiviti.
Supported by the China Institute of Internal Audit, the survey garnered responses from 179 participants which include chief audit executives (CAEs), internal audit directors, managers and staff.
According to the survey, Fraud Risk Management (FRM) remains in the top five areas in need of improvement, indicating the continuous attention placed by respondents on anti-fraud activities. "As the global financial crisis proliferates globally, enterprises are facing greater financial performance pressure and employees are experiencing heavier personal financial burden - both provide significant incentives to commit frauds," says the survey, adding that regulators are requiring enterprises to take a more proactive approach to managing fraud risk.
Proviti notes that, in many cases, fraud has led to business failures. These undoubtedly raise alarms on the significant impact of frauds on enterprises, resulting in enterprises increasing their efforts in anti-fraud activities. Internal auditors play a crucial role in these efforts to prevent and detect frauds, hence the high “Need to Improve” ranking for FRM.
Business Continuity Management (BCM) is a new category of knowledge added to 2009’s survey and is ranked among the top five areas in need of improvement for obvious reasons. Protiviti says that the Wenchuan earthquake and South China snow storm in 2008 caused widespread suffering and enormous economic losses to enterprises. Wising up from these experiences, Chinese enterprises are paying closer attention to BCM. Past statistics showed that 93% of companies that suffered a significant data loss would be out of business within five years; furthermore, an outbreak of pandemic such as human influenza would result in staff absenteeism of around 25%-40%, disruption to supply chain, reduced customer patronage, and serious disruptions to lines of communications.
"In the face of an increase in business interruption events, respondents consider improving their organisations’ BCM knowledge and competency to be a priority," says the survey. "In addition to establishing a disaster recovery plan to ensure the resumption of critical IT systems in the event of a disaster, many enterprises are now working towards ensuring the continuity of their key business processes and supporting functions as well."
According to Proviti, BCM provides reasonable protection and alternative modes of operation that enable an enterprise to respond to business interruption events, such as large-scale pandemics and natural disasters, in a proper manner.
Auditing IT areas, which represented the top four highest-ranked “Need to Improve” areas in 2008, remained a priority for 2009 and ranked second after the Fraud Risk Management/Prevention as a category of areas needing improvement. The reported relatively low level of competency accentuates the need to improve in this area.
According to Protiviti, internal auditors are now helping organisations strike a balance between achieving business objectives and managing risks. Many are taking on the role of a strategic partner to chief executive officers and chief financial officers. The result is an increased demand on internal auditors to improve their capabilities in interacting with interested parties, their knowledge of the operations of their organizations and their ability in applying technology to discharge their roles and responsibilities.
Striving to meet the varied expectations of board of directors, audit committee, investors, company management and other stakeholders, the internal audit function, apart from performing its traditional auditing activities, is expanding its role into corporate governance, internal control, risk management, compliance and various other key areas, notes Protiviti.
The respondents also emphasized the need to improve personal capabilities in areas such as developing other board committee relationships, strategic thinking, and developing audit committee relationships.
In response to the financial crisis, organisations are also charging their internal audit function with value-added roles to assist in formulating and achieving strategic objectives and sustainable growth.
Survey results also reveal that Hong Kong enterprises’ competency was higher than those in Mainland China in all areas of Audit Process Knowledge, especially in Assessing Control Operating Effectiveness (Entity Level) and Assessing Control Design (Entity Level).
Participants in this year’s survey came from a wide range of industries, covering amongst others, financial services, real estate, industrial products, consumer products, technology, energy, telecommunications and utilities - the majority was from financial services institutions. Respondents came from large, mid-sized and small enterprises with annual revenues ranging from less than CNY350 million to over CNY140 billion.
Most of the participants were from enterprises with annual revenues between CNY7 billion and CNY34.9 billion, followed by those in the CNY700 million to CNY3.49 billion range.