Recent global studies show that a flexible approach to internal audit planning needs to be applied. July’s issue of Pulse of Internal Auditsuggests that internal auditors may need to change their approach to audit planning to better respond to unexpected and fast-paced changes in risks.
The report, carried out by The Institute of Internal Auditors (The IIA), raises an important issue which affects internal audit departments around the world.
It states that over three quarters of Chief Internal Auditors (CAEs) don’t identify all risks in a timely manner, and only 16 percent of the surveyed CAEs indicated that their audit plan is flexible enough to respond to emerging risks immediately.
It is, therefore, imperative that internal audit departments, and the organisations they operate in, must have the ability to continuously assess the horizon and swiftly respond to key risks once identified.
The report also states that only a quarter of CAEs said that their firms have a formal Enterprise Risk Management process headed up by a Chief Risk Officer or equivalent. Just under half of CAEs said that their risk management processes are informal, developing or non-existent. In conclusion, the IIA’s report makes the following recommendations:
- Internal Audit needs to be more responsive to and resourceful in managing emerging risks in the ever-changing business environment;
- CAEs should utilise the information which emerges from risk assessment or informal conversations to drive adjustments to the audit plan;
- Providing assurance for enterprise risk assessments should be a key focus for CAEs;
- In order to meet the dynamic demands on their profession, CAEs need to withstand the political pressures of their role.
Finally, Douglas Anderson, former CAE and current industry thought leader, summarises: "Now is not the time for CAEs to be complacent. The world is quickly changing around us and we must not just react, but be prepared. Focus on risk, the scope of your work, and how you will ensure you can handle political pressures."
For every challenge, there’s a solution
Mismanagement of risk can damage an organisation’s reputation. Despite high expectations from regulators, there’s still a significant number of companies globally that don’t have reliable or consistent controls for audit and risk management in place.
Ideagen have been helping companies worldwide with their internal audit and risk management for the past 25 years. With Ideagen’s Internal Audit and Risk Management software, Pentana, organisations are able to safeguard their companies’ reputation, mitigate risk, increase efficiencies and maximise the power of collaborative working. The software integrates all aspects of the audit cycle from annual planning to detailed risk assessment and controls testing, through to action tracking and Audit Committee reporting.
Don’t put your organisation’s reputation at risk, safeguard it with Pentana.