67 percent of stakeholders of those internal audit functions with a broader expectation set (i.e. trusted advisors) believe the function delivers significant value
High performing internal audit functions operate by design rather than default around an aligned set of expectations
NEW YORK, April 1, 2014 – Many organizations have reported that their internal audit functions took strides to improve their performance during the past year, but data shows that the progress has not been sufficient to keep pace with today’s increasingly risky and complex business landscape. Limited improvement of performance continues to hinder internal audit’s ability to build the right capabilities and deliver on stakeholder expectations. However, the bigger challenge lies within the differences of opinion existing between stakeholders and Chief Audit Executives (CAEs) on the nature of what is expected of internal audit, according to PwC’s Internal Audit State of the Profession 2014 study.
“Our latest study indicates that many internal audit functions are responding to a wide variety of stakeholder demands rather than taking purposeful action in designing their function around an aligned set of expectations,” said Jason Pett, Internal Audit Services Leader for PwC. “Internal audit must be aligned with the expectations of its stakeholders in order to strategically building the right capabilities and raise its performance and value.”
This year’s study reflects the opinions of more than 1,900 chief audit executives, internal audit managers, members of senior management and board members, representing 24 industries across 37 countries. PwC’s latest report takes a deep dive into stakeholder expectations, detailing the possible expectations internal audit can potentially meet, and the tactics leading organizations are using to gain alignment around those expectations. It also discusses how leading internal audit functions are building the capabilities to deliver on their stakeholders’ expectations and increase their contribution, ultimately driving increased value to their organizations.
More than half (55 percent) of senior management reported that they do not believe internal audit adds significant value to their organization, and nearly 30 percent of board members believe it adds less than significant value. However, study participants believe that given adequate resources, opportunities exist for internal audit to increase its value and its contribution to the business.
“Overcoming that level of dissatisfaction from leadership will be a challenge, but with challenge comes opportunity. Business risks are rising across the board, and our recent Risk in Review study highlighted that 75 percent of executives reported increased risks to their business. Internal audit functions delivering the greatest value have alignment on their role in the current risk environment as well as around emerging risks. They are building resources to meet these aligned expectations and key risks to the business, and are therefore positioned to provide significant value to the organization,” added Pett.
PwC’s study suggests that stakeholders and internal audit should be establishing expectations aligned to eight foundational attributes of internal audit – business alignment, risk focus, quality and innovation, service culture, talent model, stakeholder management, technology and cost effectiveness. Considering these attributes, stakeholders reported low levels of performance in bringing the right level of talent to the organization, leveraging technology and delivering cost-effective services.
“We saw from our study that on average, only 49 percent of senior management and 64 percent of board members believe internal audit is performing well at delivering on the foundational attributes and their associated expectations,” said John Tantillo, Partner, Internal Audit Services, PwC. “Even CAEs are critical of their functions’ performance with just 65 percent believing their function is performing well. Achieving alignment around expectations and critical risks is a significant step towards internal audit improving its relevance and value to the business.”
By aligning expectations and having the right skills and capabilities, internal audit functions can add significant value to their organization as either an assurance provider (i.e. delivering objective assurance and executing on an often more traditional audit plan) or trusted advisor (i.e. providing value-added services and strategic advice to the business, beyond the execution of the audit plan). PwC’s latest study revealed that trusted advisors are more often seen as adding significant value – 67 percent of stakeholders reported that trusted advisors provide significant value compared to 33 percent of assurance providers. Trusted advisors are also performing at a much higher level on the eight foundational attributes of internal audit.
“Getting to trusted advisor status is a journey, and may be seen as adding more value as a result of those internal audit functions having the ability to bring in a broader range of skills and capabilities to an organization. Trusted advisors are focused on communicating the value they bring to the organization through the recommendations they provide and their involvement in emerging issues rather than classic value measures such as successful completion of the audit plan,” continued Pett. “However, our survey results show that the role of an assurance provider is a critical and value-added role when aligned with organizational expectations.”
Without alignment on expectations, investment in skills and capabilities to deliver on expectations and a well-designed communication plan, internal audit may be limited in its ability to deliver high performance and provide real, measurable and appreciated value. PwC outlines the key steps CAEs, board members and senior management can take to purposefully design an internal audit function:
CAEs: Lead the design and communication plan
CAEs should lead by developing a point of view on what stakeholders expect of internal audit and how to fulfill those expectations, especially by assessing needed skill sets against current capabilities. A communication plan should be created to purposefully gain alignment on the suggested expectations. CAEs should regularly re-evaluate the design and approach of the internal audit function to keep it aligned with stakeholder expectations.
Board members: Provide proactive input and approval of the design
In addition to providing input on the board’s expectations of internal audit, board members should offer insights to senior management on what they expect of internal audit in terms of achieving internal audit’s short and long-term strategic plans and ultimate approval of the expectations set. Board members should encourage the CAEs to have regular and more frequent communications with the board. Communication plans should include how and when the board would prefer internal audit report progress against expectations.
Executive Management: Support the design
Support the design of internal audit by clearly communicating expectations and supporting internal audit’s involvement in non-traditional areas. Senior management should embrace the concept that internal audit capabilities and capacity have evolved, and if properly aligned and resourced, internal audit is capable of delivering on broader more strategic initiatives and producing significant value. In addition, management should support internal audit’s efforts to develop metrics that align to expectations, and expect more than the often typical reports on audit plan status.
“The bottom line is that if an internal audit function delivers more, stakeholders can ask for more as the function is positioned to do more and is given the opportunity and resources to deliver against broader expectations. Getting to this level may not be easy, but internal audit functions can begin moving in that direction by purposefully re-designing their function around an aligned set of stakeholder expectations, building capabilities to meet these aligned expectations and delivering greater value to the organization,” concluded Pett.
About PwC’s Risk Assurance Practice
PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.
About PwC US
PwC US helps organizations and individuals create the value they’re looking for. We’re a member of the PwC network of firms in 157 countries with more than 184,000 people. We’re committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com/US. Gain customized access to our insights by downloading our thought leadership app: PwC's 365™ Advancing business thinking every day
Learn more about PwC by following us online: @PwC_LLP, YouTube, LinkedIn, Facebook and Google +.
© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC US refers to the US member firm, and PwC may refer to either the PwC network of firms or the US member firm. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
# # #