United Arab Emirates, Abu Dhabi, April 3rd 2013 – As companies have come to accept that market volatility, complexity, political and regulatory changes are here to stay, internal audit functions have more opportunities to contribute to businesses in a truly meaningful way, according to the PwC Internal Audit State of the Profession 2013 survey. However, according to survey respondents, before internal audit reaches for new heights, it must keep pace and continue to evolve its focus. Internal audit must also significantly improve its performance or risk losing relevance as other internal risk functions become more vital contributors in the risk management area. In the Middle East nearly 80% of respondents indicated that their organizations do not have an Enterprise Risk Management framework, opening the door for internal audit to play a key role in embedding risk management in the Board agenda.
“Our survey shows that 80 percent of global and 60 percent of Middle East respondents believe threats are increasing, yet only 12 percent of global and 5 percent of Middle East respondents think their own organization manages risk extremely well,” said Adnan Zaidi, Leader of PwC’s ME Risk Assurance practice. “As risks increase, internal audit’s coverage of risk and performance in emerging areas is critical, which provides internal audit with an ideal opportunity to demonstrate the value of the evolving profession. Internal audit must then aggressively increase its capabilities and add true value in risk areas most critical to the organization.”
The study reveals that organizations have more work to do to align stakeholders’ expectations and approach on coverage of critical risks, providing an opportunity for internal audit to deliver value outside of the traditional focus areas. Compared with management, board members are more likely to believe there are more risks and that they are growing faster, posing greater threats than there were a year ago.
“Audit committees and management expect more from internal audit, providing a huge opportunity for internal audit functions to be relevant contributors to protecting stakeholder value and the business from the most critical risks,” said Andrew Garrett, Internal Audit Services Leader for PwC ME. “However, for internal audit functions to maximize their value to the organization, they must ensure alignment on multiple levels. There must be clear understanding and alignment of stakeholder expectations, alignment of internal audit focus on the highest risk areas, and alignment of internal audit capabilities to the needs of today and those emerging needs of tomorrow. Only then can internal audit contribute to the organization in a way that establishes relevance and value in the eyes of all key stakeholders.”
Companies are raising the bar on performance to contend with the ever-changing risk landscape, but are not raising the bar on internal audit at the same pace, according to PwC’s survey. In addition, stakeholders are requesting increased capabilities with internal audit’s contribution in emerging risk areas such as large program assessment, new product introductions, capital project management and mergers and acquisitions.
“Those with the right plan, appropriate resources and capabilities that are aligned with what stakeholders expect, will be recognized for their contribution. They will see increased access within the organization, and more opportunities to demonstrate value. As a result, they will multiply the value internal audit delivers,” said Firas Haddad, Director in PwC UAE Risk Assurance practice.
PwC’s survey indicates that high performing internal audit functions have excelled in four important areas. They demonstrate significantly stronger foundational capabilities, coordinate with their organization’s governance, risk and compliance activities, more effectively incorporate emerging risk into audit areas and partner with those they serve by providing proactive advice and actively engaging with management in organizational initiatives. To help reach these new heights, PwC outlines the key steps audit committees, management and chief audit executives can take to enhance the value internal audit can and should deliver to organizations:
Audit Committee: Ask More Questions
Most audit committees consider oversight of risk management to be a primary responsibility. However, they should ask if the internal audit’s actions align with critical business risks and if internal audit has established a clear, strategic plan to raise capabilities and deliver value.
Management: Expect More
Management teams should require their organizations to have a strong enterprise-wide risk assessment process, enabling management, internal audit and the board to have a productive and transparent discussion about risk management. Management should expect internal audit to have the skills necessary to contribute value in key risk areas
Chief Audit Executives: Deliver More
Chief audit executives should have a strategic vision that aligns to stakeholder expectations, including an investment strategy such as investing in the right resources. They must also be prepared to respond, or proactively engage, in conversations with the board and management about the internal audit’s performance.
There are opportunities for internal audit to demonstrate a more valuable contribution, but to do so, not only must every stakeholder have a role in helping internal audit move in the right direction, but there must be a well-thought plan and well-charted course. “Chief audit executives must get prepared, close performance gaps, and raise the bar on itself. Whether that is by increasing capabilities in new and emerging risk areas or delivering a greater level of service within those more traditional areas, the time is now for internal audit to take decisive action to strengthen their core performance and capabilities, resulting in value added contributions,” continued Garrett.
The survey covered 1,100 chief audit executives and more than 630 stakeholders, including CEOs, audit committee chairs, other board members and senior finance and risk managers, from 18 industries across 60 countries. 25 key organizations from 7 industries in four markets in the Middle East took part in the survey and contributed their views on today’s critical risks, the role they expect internal audit to play in addressing them, and the performance of their enterprises’ internal audit function.
Copies of the survey results will be available at the Institute of Internal Auditors UAE chapters’ 14th Annual Regional Audit Conference to be held in Abu Dhabi on 15-17th April. PwC are key sponsors of this event at which they will be launching the ‘I AM’ – Internal Audit Matters campaign and will be available to discuss the survey.
To download a full copy of the report, "PwC 2013 State of the Internal Audit Profession Study" please visit www.pwc.com/us/2013internalauditstudy.
About PwC’s Risk Assurance practice
PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.
About PwC ME
PwC ME helps organizations and individuals create the value they're looking for. We're a member of the PwC network of firms in 158 countries with more than 180,000 people. We're committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at http://www.pwc.com/middle-east
Established in the Middle East for 40 years, PwC has firms in Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, the Palestinian territories, Qatar, Saudi Arabia and the United Arab Emirates, with around 2,700 people. (www.pwc.com/middle-east)
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
©2013 PricewaterhouseCoopers. All rights reserved