The FINANCIAL -- PwC on March 21 released its 13th annual State of the Internal Audit Profession study, which found that internal audit functions are losing ground in trying to keep pace with stakeholder expectations.
This year’s study shows that the number of stakeholders that view internal audit as “contributing significant value” dropped from 54% in 2016 to only 44% in 2017, reaching its lowest level in five years. Despite this drop, the good news is that nearly half of all stakeholders want internal audit to take on a more integral role; this can be achieved through the function’s ability to help stakeholders better manage unplanned or unanticipated events, also known as market disruptions.
“Organisations are facing rising complexity of risks and new disruptive sources, impacting them at increasing speed. Stakeholders expect internal audit functions to help them navigate this changing landscape or face a shrinking perception of the value internal audit provides,” says Jason Pett, PwC's US Internal Audit, Compliance & Risk Management Solutions Leader. “In a world of constant disruption, internal audit leaders need to think differently to accomplish more dramatic transformation and demonstrate their vitality. Particularly, they must be well-equipped to mitigate risk in several disruptive areas including regulatory changes, cybersecurity and changes to customer preferences -- the disruptors most likely to impact businesses over the next three years.”
Based on nearly 1,900 respondents from organisations headquartered in 41 countries, 18% of them report that their internal audit functions play a valuable role in helping their companies anticipate and respond to business disruption – a subset of the pool which we’ve coined “Agile Internal Audit (IA) Functions.” Nearly nine out of ten stakeholders with Agile IA Functions report that internal audit is adding significant value – that’s more than double the percentage of stakeholders with less agile internal audit functions, according to PwC.
The study uncovered two key traits that enable Agile IA Functions to lead in disruptive environments –preparedness and adaptiveness.
Agile IA Functions are forward-looking and able to identify emerging disruptions and associated business needs. They collaborate with other lines of defense in a unified and integrated manner and make decisions mutually supported by others in the organisation. To boost preparedness, internal auditors should:
Build the eventuality of disruption into planning and risk assessment: 84% of Agile IA Functions are mindful of disruption and include the possibility as part of the audit plan development, compared to 50% of less agile peers.
Meaningfully collaborate with other lines of defense: 76% of Agile IA Functions cohesively work with other risk management and compliance functions to address disruption, compared to 40%of peers.
Invest in and elevate business and technical IQ: 73% of Agile IA Functions provide Internal Audit with advanced technology and encourage the development of trending and analysis techniques, compared to 60% of peers.
Flexibility is key in Agile IA Functions—their processes must be transformative across audit plan development, audit planning, fieldwork and reporting. They should also use innovative talent models as needed and routinely reorganise or redirect resources according to disruption. To be adaptive, internal auditors should:
Create more flexible processes and reporting mechanisms: 73% of Agile IA Functions change course and evaluate risk at the speed required by the business, compared to 37% of peers.
Drive the use of data analytics and technology: 47% of Agile IA Functions have increased the use of data mining and data analytics for continuous auditing/monitoring of trends and potential impacts of disruption, compared to 35% of peers.
Implement flexible talent models: 74% of Agile IA functions redirect/reorganise resources as needed to help the organisation manage or respond to disruption, compared to 40% of peers.
“To become a leading internal audit function likely means changing what internal audit is doing and where it’s focusing, such as using more frequent proactive risk evaluations in advance of disruptions,” said Mark Kristall, Partner within PwC's US Internal Audit, Compliance & Risk Management Solutions practice. “With an innovative vision of what internal audit can be, the function can deliver the greater value that stakeholders expect and need.”