As Well As Reducing Budgets, The COVID-19 Pandemic Has Heightened Organizational Risks and the Need for Audit Oversight
Stamford, CT (March 24, 2021) – A September 2020 study of 299 internal audit organizations showed that the function faced both declining budgets and a significantly expanded workload in 2020, according to Gartner, Inc.
“For many heads of audit, it’s not clear where the extra capacity is going to come from,” said Margaret Moore Porter, Managing Vice President in the Gartner Audit practice. “It’s clear the pandemic has created and heightened risks that need audit oversight, but there is a real danger of the function being overwhelmed unless leaders can find ways to increase capacity without increasing budgets.”
Information security and information technology risks were the two areas where a majority of audit functions planned to spend more time. Yet there is a long tail of risk areas demanding more attention and not many that will require significantly fewer hours (see Figure 1).
“At the moment, this is very far from being a balanced equation,” said Ms. Porter. “The obvious implication, if the picture doesn’t become more balanced, is that audit leaders will have to make tough coverage trade-off decisions.”
Internal audit function budgets enjoyed a period of growth of approximately 5 percent per year in the period between 2017-2019. In 2020, that figure came in as a 1.5 percent decrease, and Gartner predicts it to be flat in 2021. Headcount also remained flat in 2020, and this is expected to continue in 2021.
“It doesn’t look like there will be a way to buy more capacity for most internal audit functions in 2021,” said Ms. Porter. “Leaders will have to be creative and find ways to get more out of the resources they have.”
Sixty-six percent of audit departments are in active discussions with other risk and control groups in their organizations on how they can better share resources, notably support for risk assessment and data analytics.
Many audit departments are looking to better align and rely on risk coverage from the second line to reduce duplication and improve efficiency. Given regulatory scrutiny, that approach is less prevalent in financial services (FS) and banking audit departments, where 47 percent do not rely on the second line to provide assurance compared to 35 percent in non-FS and banking.
Gartner clients can learn more in 2020 State of the Internal Audit Function.
Non clients can also learn more in the complimentary webinar Audit at the Speed of Business – Strategies for Scaling Assurance in a High-Risk, High-Change Environment.
About the Gartner Audit & Risk Practice
The Gartner Audit & Risk practice equips Audit & Risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available at https://www.gartner.com/en/audit-risk.
Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.
Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and objective resource for more than 15,000 organizations in more than 100 countries — across all major functions, in every industry and enterprise size.
To learn more about how we help decision makers fuel the future of business, visit gartner.com.