Strong need to enhance internal audit capabilities in critical risk areas: PwC
TORONTO — Companies are aiming for higher performance to contend with the ever-changing risk landscape, but are not raising the bar on internal audit at the same pace, according to the PwC Internal Audit State of the Profession 2013 survey. However, before internal audit reaches new heights, it must continue to evolve its focus or risk losing relevance as other functions become more vital contributors in the risk management area.
The survey shows that 80 per cent of respondents believe threats are increasing, yet only 12 per cent think their own organization manages risk extremely well. Stakeholders are also requesting increased capabilities with internal audit’s contribution in emerging risk areas such as large program assessment, new product introductions, capital project management and mergers and acquisitions.
“For internal audit functions to maximize their value to the organization, they must ensure alignment on multiple levels,” says Matthew Wetmore, partner and leader of PwC's Canadian Internal Audit practice. “There must be alignment of stakeholder expectations, a focus on the highest risk areas, and an eye towards both the internal audit capabilities needed today and the emerging needs of tomorrow.”
The report indicates that high performing internal audit functions demonstrate significantly stronger foundational capabilities. It also offers opportunities to coordinate with their organization’s governance, risk and compliance activities, more effectively incorporate emerging risk into audit areas and provide proactive advice while actively engaging with management in organizational initiatives.
To help achieve these successes, PwC outlines key steps audit committees, management and chief audit executives can take to enhance the value internal audit delivers to organizations:
Audit Committee: Ask more questions
- Most audit committees consider oversight of risk management to be a primary responsibility. However, they should ask if the internal audit’s actions align with critical business risks and if internal audit has established a clear, strategic plan to raise capabilities and deliver value.
Management: Expect more
- Management teams should require their organizations to have a strong enterprise-wide risk assessment process, enabling management, internal audit and the board to have a productive and transparent discussion about risk management.
Chief Audit Executives: Deliver more
- Chief audit executives should have a strategic vision that aligns to stakeholder expectations, including a strategy for investing in the right resources. They must also be prepared to engage in conversations with the board and management about internal audit’s performance.
“There are opportunities for internal audit to demonstrate a more valuable contribution, but to do so, there must be a well-thought plan and well-charted course,” says Wetmore.
Wetmore concludes, “Chief audit executives must close performance gaps and grow internal audit, whether by increasing capabilities in new and emerging risk areas or delivering better service within existing offerings.”