The Chief Audit Executive (CAE) and his team of internal auditors have a clear mandate - sharpen their focus on business risk and add value by being more risk-centric. Evolved from an objective assurance and consulting activity, IA will address the growing needs of global organizations and meet the new expectations of investors and board members.
Based on our engagements with several large organizations relying on MetricStream solution for managing its audit, risk and compliance processes, five key trends we observe are:
- Evolving role of internal auditors and expanding scope of audits: Internal audit in organizations has evolved from the task of financial auditing. The traditional work of the function - operations, systems, fraud investigations, and special project audit work - has taken a back seat to the more pressing needs of regulatory compliance as well as business process optimization. A properly structured internal audit function, impacting not just regulatory compliance but also operational excellence - is being actively sought. Today, the role of an internal auditor has evolved from merely financial reporting on controls to managing risk, prioritizing goals and activities, eliminating complexity and redundancy, streamlining operations, while driving down cost and protecting and enhancing shareholder value.
- Business performance and quality assessments: Every stakeholder, management and the audit committee, relies heavily on internal audit for providing assurance and establishing trust in the organization. The answer comes in the form of performance and quality assessments—an examination of the effectiveness and efficiency of the function. Continuous performance reviews and quality assurance activities built into the job descriptions and operating routines of the department provides a window into work performed and quality of operations. Audit staff can run a check on issues like: Does a comprehensive risk assessment serve as the basis for planning and execution? Are stakeholders’ needs met in a timely fashion?
- Organizational structure for accountability and transparency: Today’s environment calls for greater collaboration and strong relationship between the auditor and the auditee at all levels. The trend therefore is moving towards developing a structure that facilitates healthy environment. This will encourage free flow of information regarding any issues or concern between the auditee and the auditor. The organization has to be structured in a way that facilitates accountability i.e. not limited to only the Audit Committee.
- Shift away from SOX compliance towards risk-based auditing: Out of necessity, internal auditors have been devoting their time, energy and resources in recent years primarily to SOX compliance activities. Now, it is time for internal auditors to reevaluate its activities and sharpen its focus on stakeholder expectations and risk-based auditing. Enterprise-wide risk management and fraud are also gaining precedence. Moreover, the modern day, technology savvy companies require additional focus on risk assessment, particularly because these risks have the potential to impact organizations more rapidly. Activities relating to fraud detection and auditing IT security are also generating more responsibility for internal audit.
- Upgrading audit infrastructure and technological advancement: Large companies, specially with complex auditing requirements that span not just financial audits but also audits, assessments and inspections related to operations, quality, safety, suppliers and IT are upgrading the technology infrastructure used to carry out auditing - from risk assessments and audit universe creating and planning to audit data collection, reporting and remediation. Companies are migrating from their legacy systems, point applications and paper-based procedures to a web-based integrated audit management system. The technological advancement allows the CAE to streamline and strengthen the internal audit function enabling it to deliver more strategic value while lowering its costs of operation. Expected benefits are better enterprise-wide visibility, a transparent and collaborative environment and data-driven decision making. Solution and tools available today provide a reliable means to monitor access controls, observe the closed-loop processes and analyze important data and KRIs.
These trends are driving sweeping changes that will require auditors to redefine departmental agendas and pursue a unified value proposition of internal audit so that their roles and departments are recognized as strategic players.