As companies emerge from the recession, internal auditors have the opportunity to elevate their roles by aligning their business objectives with new company priorities, finds PricewaterhouseCoopers' seventh annual Global State of the Internal Audit Profession survey.
The survey of more than 2,500 executives from more than 50 countries found that internal audit professionals that have a macro view of their companies can play a significant role supporting company growth strategies through their involvement with areas such as emerging markets, mergers and acquisitions, social media, the cloud and navigating the regulatory labyrinth. However, the survey indicated that many internal auditors are not addressing the risks related to these strategies.
"Now that the financial crisis has largely passed, the big questions facing CEOs are in growth and the future," says Keith Stephenson, PwC Risk and Controls Solutions Partner and Internal Audit Services Leader in China and Hong Kong. "While it's a good place to be, there are still risks involved and internal auditors need to offer guidance on these emerging risks, like regulatory compliance in new markets or reputational risks related to social media."
For example, this year's survey showed a disparity between CEOs' and internal auditors' main focus when it comes to risk areas such as growth and technology. While CEOs are focused on growth in newer geographic markets, internal auditors indicated that they are least involved in those areas. Similarly, while 70 percent of CEOs plan to invest in IT, less than 25 percent of internal auditors plan to be involved in auditing the risks of cloud computing or social media.CEOs and internal auditors have a shared focus on government regulation, as overregulation ranks among CEOs' top concerns and nearly 60 percent of internal auditors expect to increase their attention to regulatory compliance programs in their audit plans.
The study identified three important focus areas for internal audit departments and the risks, including:
* Strategic growth: Emerging markets, mergers and acquisition activity, innovation and new product development;
* Information technology: Security and data protection risks related to emerging technologies such as eMobility and cloud computing, data loss and distribution of malware; and
* Regulation: The expanding reach of regulations, changes due to financial reform, and sustainability reporting.
"It is important that internal audit leaders stay on top of CEO business strategies," Stephenson says. "Emerging markets, technology and regulation are quickly evolving, and the risks associated are quickly changing as a result. If internal audit can keep up with these changes, CEOs and other company stakeholders will see it as a dynamic business function and elevate its importance to the business."
This year companies from mainland China and Hong Kong were also asked to participate in this survey. Many of the challenges and business issues facing global clients are equally relevant in this part of the market. There are, however, some areas where challenges for internal audit are even more acute in China, finds that study.
According to the study, internal audit in China is relatively less effective in identifying emerging risks, although once they are aware of such matters, they do report these upwards (e.g. to Audit Committee).
When addressing information technology risks, Chinese internal audit functions are largely focused on traditional areas such as security and access controls with very limited focus on emerging areas such as cloud computing and the impact of social media / networks in a work environment (i.e. less focus than internal audit functions in developed countries). While global survey results show some ad-hoc use of audit data analysis tools (ACL / IDEA) by individuals on their audits, internal audit in China still heavily relies upon standard desktop tools (Excel or Access) to analyze or test data.
When asked about the focus of an audit plan in the next 3 years, while global results show more focus on enterprise risk management and alignment with strategy, internal audit in China still plan to increase their focus on regulatory and compliance driven areas.
As internal auditors reevaluate their roles, PwC suggests they ask themselves the following questions:
* Am I leveraging my unique vantage point within the company to provide a clear point of view on the risks associated with the changing business environment?
* Have I taken action to adjust capabilities and approaches to today's business environment?
* Am I taking steps to prepare my people for what they will be doing two to three years from now?
MORE ARTICLES ON INTERNAL AUDIT