Even as assurance and compliance responsibilities are expanding for internal auditors, a significant shift in their strategic duties is on the horizon, according to a new survey.
More than half (54%) of respondents expect that in the next two years, internal audit’s primary mandate will be providing stakeholders with business insights and serving as a strategic adviser to the organization, according to EY’s Global Internal Audit Survey 2013.
Less than one-third (28%) of respondents said playing that strategic role is currently the primary mandate or focus of internal audit. More than 500 chief audit executives (CAEs) and audit committee members participated in the survey.
“The clear message from the survey is that internal audit functions need to stop thinking about themselves as compliance specialists and start taking on a much larger, more strategic role within the organization,” Ernst & Young LLP internal audit leader Brian Schwartz said in a news release. “IA is increasingly being asked by senior management and the board to provide broader business insights and better anticipate traditional and emerging risks, even as they maintain their focus on non-negotiable compliance activities.”
As strategic opportunities emerge, internal auditors also are adjusting to new compliance duties, according to the survey. Globalization has resulted in increased revenue from emerging markets for many companies, so new regulatory, cultural, tax, and talent risks are emerging.
Internal audit will play a more prominent role in evaluating these risks, according to the survey report. Although slightly more than one-fourth (27%) of respondents are heavily involved in identifying, assessing, and monitoring emerging risks now, 54% expect to be heavily involved in the next two years.
The biggest primary risks that respondents said their organizations are tracking are:
- Economic stability (54%).
- Cybersecurity (52%).
- Major shifts in technology (48%).
- Strategic transactions in global locations (44%).
- Data privacy regulations (39%).
Survey respondents said the skills most often found to be lacking in internal audit functions are:
- Data analytics;
- Business strategy;
- Deep industry experience;
- Risk management; and
- Fraud prevention and detection.
“As corporate leaders demand a greater measure of strategy and insight from their internal audit functions, CAEs will need to move quickly to close competency gaps and ensure that they have the right people in the right place, at the right time.” Schwartz said. “If they fail to meet organizational expectations, they risk being left behind or consigned to more transactional compliance activities.”
—Ken Tysiac (firstname.lastname@example.org) is a JofA senior editor.