This is an opportunity for Internal Audit Management and Audit Committees to compare the activities of their Internal Audit function with what others are doing. This blog references three excellent publications that provide current trends and happenings within Internal Audit. I am curious, are these observations representative of what you are seeing or are you seeing different trends that our readers should consider?
Top Five Audit Areas
Recently The IIA Research Foundation (IIARF) released their 2009 Global Audit Information Network (GAIN) report. It contains the top five audit universe areas which are:
- Financial controls and activities.
- Controls to detect and prevent fraudulent behavior.
- IT controls, data security and privacy controls.
- Compliance with and impact of policies and procedures, regulatory demands, and business changes.
- Overall effectiveness of risk management and risk assessment activities.
Does your Internal Audit function have the necessary skills to address all of these areas?
Value Added Internal Audit
In the current economic climate, companies of all sizes are stressing value added. Internal Audit functions are not exempt from this pressure. There is a move away from traditional financial auditing towards providing executive management and the Board value added reports including hard dollar savings. This trend is emphasized in the PriceWaterHouseCoopers 2009: State of the Internal Audit Profession Study. This study emphasizes that 60% of value loss in business relates to strategic and business issues while only 15% relates to financial issues. Is your Internal Audit Department including strategic and business risks within your audit universe?
There continues to be an emphasis on proactive management of risk as a means to avoid and reduce impacts of business issues such as the current economic crisis. Boards are under pressure to do more in the area of risk management and are asking increasing difficult questions. The COSO thought paper: Strengthening Enterprise Risk Management for Strategic Advantage contains more details on this trend.
Internal Audit can play a key role in moving a company forward in this area. Some examples are:
- Take a risk inventory and proactively define the benefits of Enterprise Risk Management for your organization. Reference our blog article: Enterprise Risk Management (ERM): Should you budget for ERM?
- Play a proactive rule in educating management on the processes to monitor and manage risk so they can effectively respond to the Board’s requests for information.
- Review compensation arrangements to verify a balance of the focus on achieving key performance goals without exposing the organization to unintended risks.
I look forward to your feedback. Elaine Nissley, Principal, ENissley@macpas.com.