The audit committee’s role is not getting easier, but it has a lot of resources in its arsenal to help meet today’s high expectations. A high-performing in internal audit function can be a valuable resource.
The audit committee’s role is not getting easier, but it has a lot of resources in its arsenal to help meet today’s high expectations. A high-performing internal audit function can be a valuable resource.
About one-third of board members believe internal audit adds less than significant value to the company and only 64% believe internal audit is performing well at delivering expectations, according to PwC’s 2014 State of the internal audit profession study – Higher performance by design: A blueprint for change. Even chief audit executives (CAEs) are critical of their functions’ performance, with just two-thirds saying it’s performing well.
This Issue in focus discusses what the audit committee can do to help internal audit improve its performance and provide more value. For a more in-depth discussion, read the current edition of our Audit Committee Excellence Series. Achieving excellence: Overseeing internal audit.
“Some audit committees may not fully appreciate how much they can influence the contribution of the internal audit group to the company’s success,” said Don Keller, a partner with PwC’s Center for Board Governance.
An audit committee that outwardly demonstrates support of internal audit and the function’s importance to the company’s success sends a strong message to the entire organization—which can help empower internal audit to meet higher expectations.
Audit committees can start by looking at whether the CAE is included as part of the leadership team, but the CAE first needs to earn that seat at the table. A CAE that is viewed as a trusted advisor—one that meets a broader set of stakeholder expectations, including providing strategic advice to the business—can help improve how he/she (and the internal audit team) are perceived by its constituents. More than two-thirds of constituents say internal audit adds value when it is viewed as a trusted advisor, according to the PwC study.
One way an audit committee can show visible support of internal audit is by attending an annual internal audit group gathering and endorsing internal audit as the “eyes and ears of the audit committee.” Other ways include engaging the CAE in “private sessions” and having the chair meet one-on-one with the CAE on a regular basis.
Most CAEs report functionally to the audit committee and administratively to either the CFO or CEO. There may be differing views on what role internal audit should play in the company. Various parties may not agree on how much of internal audit’s plan should be defined as auditing compliance controls versus cost-savings or operational enhancement or how much of their role should be dedicated to health and safety initiatives, promoting quality improvements, or increasing efficiency and innovation. So it’s important for management, the CAE and the audit committee to agree on the internal audit group’s priorities and focus.
Leadership of the internal audit group is key to establishing the credibility of the function across the enterprise. According to Steve Karnas, former audit committee chair for Mars Inc., “That person has to have the right audit and technical skills as well as strong leadership traits – be capable of building a team. It’s also important that person has the courage to confront situations that are uncomfortable.”
How can an audit committee tell whether a CAE is respected? Among the many ways is to get a sense for whether the CEO is willing to spend time with him or her.
The traditional internal audit skills and capabilities around financial controls, fraud and ethics, and general IT may not be enough to meet contemporary expectations. The capabilities to address critical business risks, business continuity, and data privacy and security may also be needed. Audit committees should understand and discuss the resourcing mix for internal audit including the use of third-party resources, as appropriate.
It’s important that internal audit tailor its reports to include the “right” information that meets the expectations of the audit committee. It’s also important for the CAE to communicate concisely and with impact.
Another key to overseeing internal audit: the audit committee should have a robust evaluation and feedback process for the CAE.
Some key questions audit committees should be asking to maximize the value of internal audit include: