The results of the eighth annual Global State of the Internal Audit Profession survey were announced a few days ago by PwC US. The survey was conducted from November 2011 to January 2012 and includes responses from over 1,500 participants in 16 separate industry sectors from 64 countries across the globe. More than 20 Greek companies participated in the survey, representing almost all industry sectors, including banking, insurance, manufacturing, telecommunications, transport, commerce, and health.
This year, for the first time, in addition to surveying internal auditors about the state or the profession, PwC surveyed the profession from the outside in, asking CFOs, audit committee directors, CEOs, and other stakeholders to share their views on internal audit’s role in the organisation and its capabilities for supporting the risk management activities of the company.
Businesses are calling for internal auditors to broaden and deepen their role in helping them navigate the rapidly changing risk landscape across a range of risks, including data privacy and security, and regulation and government policies. As the risk landscape continues to evolve, the majority of business leaders surveyed said they are not comfortable with how their risks are being managed, although 74% of those surveyed have formal enterprise risk management processes. To deliver what stakeholders want, the standard for an effective internal audit function has been raised and internal audit needs to elevate its performance to meet the always increasing stakeholder expectations.
Successful internal audit functions create plans through comprehensive, top-down risk assessments where the entire enterprise risk management process is taken into consideration. According to the survey results, 45% of organisations still do not create their audit plans using a robust, top-down risk assessment approach. A majority of respondents identified organisational and cultural resistance as the most common barriers to internal audit’s ability to step up and meet stakeholders’ increasing demands, followed closely by lack of internal audit resources and expertise.
The report adds that internal audit groups at leading companies provide stakeholders with advice on how to improve risks and controls rather than just reporting on gaps. 78% of the survey respondents whose companies were better at managing risk say their chief audit executives have an active role in the executive meetings. In addition, they take into consideration the organisation’s enterprise risk management process and they adapt their approach quickly when changes are needed.
As Kostas Perris, head of the Internal Audit Services Department of PwC in Greece, comments: “To add to stakeholder confidence and be seen as a vital, contributing business partner, internal audit must do much more than financial controls and compliance – it needs to provide assurance across a broader range of business risks, provide deep insights and business perspectives and be able to present to stakeholders in a way that cuts through the clutter. Our survey confirms that Boards and Audit Committees expect more from internal audit. They want internal audit to act as their eyes and ears and provide essential comfort that critical business risks are being well managed. But while internal audit clearly matters, the challenge for the chief audit executive is to find a way to consistently deliver on these increasing expectations."
For greek, dowload the above pdf.
To download the full study, click here