Strong need to enhance internal audit capabilities in critical risk areas: PwC

Opportunities and demand exist for internal audit to deliver more value

TORONTO — Companies are aiming for higher performance to contend with the ever-changing risk landscape, but are not raising the bar on internal audit at the same pace, according to the PwC Internal Audit State of the Profession 2013 survey. However, before internal audit reaches new heights, it must continue to evolve its focus or risk losing relevance as other functions become more vital contributors in the risk management area.

The survey shows that 80 per cent of respondents believe threats are increasing, yet only 12 per cent think their own organization manages risk extremely well. Stakeholders are also requesting increased capabilities with internal audit’s contribution in emerging risk areas such as large program assessment, new product introductions, capital project management and mergers and acquisitions.

“For internal audit functions to maximize their value to the organization, they must ensure alignment on multiple levels,” says Matthew Wetmore, partner and leader of PwC's Canadian Internal Audit practice. “There must be alignment of stakeholder expectations, a focus on the highest risk areas, and an eye towards both the internal audit capabilities needed today and the emerging needs of tomorrow.”

The report indicates that high performing internal audit functions demonstrate significantly stronger foundational capabilities. It also offer opportunities to coordinate with their organization’s governance, risk and compliance activities, more effectively incorporate emerging risk into audit areas, and provide proactive advice while actively engaging with management in organizational initiatives.

To help achieve these successes, PwC outlines key steps audit committees, management and chief audit executives can take to enhance the value internal audit delivers to organizations:

  • Audit Committee: Ask more questions
    Most audit committees consider oversight of risk management to be a primary responsibility. However, they should ask if the internal audit’s actions align with critical business risks and if internal audit has established a clear, strategic plan to raise capabilities and deliver value.
  • Management: Expect more
    Management teams should require their organizations to have a strong enterprise-wide risk assessment process, enabling management, internal audit and the board to have a productive and transparent discussion about risk management.
  • Chief Audit Executives: Deliver more
    Chief audit executives should have a strategic vision that aligns to stakeholder expectations, including a strategy for investing in the right resources. They must also be prepared to engage in conversations with the board and management about internal audit’s performance.

“There are opportunities for internal audit to demonstrate a more valuable contribution, but to do so, there must be a well-thought plan and well-charted course,” says Wetmore.

Wetmore concludes, “Chief audit executives must close performance gaps and grow internal audit, whether by increasing capabilities in new and emerging risk areas or delivering better service within existing offerings.”

To download a full copy of the report, please visit

Follow PwC on Twitter at @PwC_Canada_LLP and on Facebook at

About the survey

Representing 18 industries and 60 countries, nearly 1,100 chief audit executives and more than 630 stakeholders, including CEOs, audit committee chairs, other board members and senior finance and risk managers, took part in this year’s survey. Participants contributed their views on today’s critical risks, the role they expect internal audit to play in addressing them, and the performance of their enterprises’ internal audit function.

About PwC’s Risk and Controls practice

PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk and Controls practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk and Controls professionals. The end result is a risk solution tailored to meet the unique needs of clients.

About PwC Canada

PwC Canada helps organizations and individuals create the value they’re looking for. More than 5,700 partners and staff in offices across the country are committed to delivering quality in assurance, tax, consulting and deals services. PwC Canada is a member of the PwC network of firms with close to 169,000 people in 158 countries. Find out more by visiting us at

© 2013 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved.

PwC refers to the Canadian member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.