Recent 2015 audit surveys report some interesting findings about the current role of audit committees. They highlight not only how complex the world of risk management and oversight has become in the corporate world, but also the enormous breadth of responsibilities that the audit committee is expected to bear.
The requirements of internal audit will only continue to expand because, as PwC’s recent “2015 State of the Internal Audit Profession Study” shows, 60 percent of CAEs believe that within the next five years their internal audit function will need to be providing not only value-added services, but also proactive advice for the business.
Additionally, in KPMG’s recent “2015 Global Audit Committee Survey,” 74 percent of audit committee respondents said that more time is required to perform their role. Key areas of the internal auditor’s role that will require more time include:
- Internal controls around operational risk
- Oversight of the risk management process
- Cybersecurity
- Legal and regulatory compliance, including bribery and corruption
- Pace of technology change
- Internal controls around financial reporting
As if this list of responsibilities was not enough, when asked how the audit committee could improve its overall effectiveness, the response was that the primary way is to gain a better understanding of business strategy and risks. This makes sense of course, since having a good understanding of core strategic business risks provides an important context for considering the huge range of other risks.
How can the audit committee and, by delegation, the internal audit team, hope to successfully deliver on these demanding expectations?
Technology
Technology can be a big enabler here, as has been proven already in core business process areas. Technology is currently under-utilized in audit and risk in far too many organizations, as many other surveys repeatedly show.
Technology can provide the audit committee with dashboards that show the current status of overall risk management, risk assessment and audit activities, with the ability to drill down and understand specific risks, risk trends, audit findings and responses. Much of this is achieved through the implementation of automated risk and controls assessment solutions, driven by continuous auditing and monitoring of transactions.
Without technology, it is unrealistic, if not impossible, for the audit committee (as well as risk committees and the Board) to have an accurate, timely, enterprise-wide view of the organization’s risks.
Shift of Focus and Resources
Internal auditors are in a unique position within an organization and have the potential to deliver great value in areas well beyond their traditional focus. But, in order to do this, they need to be enabled in two critical ways: they need sufficient resources to be able to deliver realistically on an expanded mandate, and they need to harness the power of technology and work with data from across the enterprise in a way that no other functional team in the organization can do.