New duties on horizon for internal auditors

BY KEN TYSIAC

Even as assurance and compliance responsibilities are expanding for internal auditors, a significant shift in their strategic duties is on the horizon, according to a new survey.

More than half (54%) of respondents expect that in the next two years, internal audit’s primary mandate will be providing stakeholders with business insights and serving as a strategic adviser to the organization, according to EY’s Global Internal Audit Survey 2013.

Less than one-third (28%) of respondents said playing that strategic role is currently the primary mandate or focus of internal audit. More than 500 chief audit executives (CAEs) and audit committee members participated in the survey.

“The clear message from the survey is that internal audit functions need to stop thinking about themselves as compliance specialists and start taking on a much larger, more strategic role within the organization,” Ernst & Young LLP internal audit leader Brian Schwartz said in a news release. “IA is increasingly being asked by senior management and the board to provide broader business insights and better anticipate traditional and emerging risks, even as they maintain their focus on non-negotiable compliance activities.”

New risks

As strategic opportunities emerge, internal auditors also are adjusting to new compliance duties, according to the survey. Globalization has resulted in increased revenue from emerging markets for many companies, so new regulatory, cultural, tax, and talent risks are emerging.

Internal audit will play a more prominent role in evaluating these risks, according to the survey report. Although slightly more than one-fourth (27%) of respondents are heavily involved in identifying, assessing, and monitoring emerging risks now, 54% expect to be heavily involved in the next two years.

The biggest primary risks that respondents said their organizations are tracking are:

  • Economic stability (54%).
  • Cybersecurity (52%).
  • Major shifts in technology (48%).
  • Strategic transactions in global locations (44%).
  • Data privacy regulations (39%).


Survey respondents said the skills most often found to be lacking in internal audit functions are:

  • Data analytics;
  • Business strategy;
  • Deep industry experience;
  • Risk management; and
  • Fraud prevention and detection.


“As corporate leaders demand a greater measure of strategy and insight from their internal audit functions, CAEs will need to move quickly to close competency gaps and ensure that they have the right people in the right place, at the right time.” Schwartz said. “If they fail to meet organizational expectations, they risk being left behind or consigned to more transactional compliance activities.”

Ken Tysiac ( ktysiac@aicpa.org ) is a JofA senior editor.

SPONSORED REPORT

Why cybercriminals are targeting CPAs

This free report expands on the most commonly found scams, why education and specialized IT knowledge help to lessen security vulnerabilities, and why every firm should plan carefully for how it would respond to a breach.

PODCAST

How tax reform — and Excel — are changing the CPA Exam

Mike Decker, the vice president of examinations at the AICPA, discusses changes being made to the exam as a result of tax reform — and about how Excel will now be available for use on the test.