Half of the business executives want that the internal audit function play a more important role in the organizations, says PwC

The 13th annual edition of the State of the Internal Audit Profession study finds that half of the business executives[1] surveyed want that the internal audit function play a more important role in the organizations, because this function has the ability to help stakeholders better manage unplanned or unanticipated events, also known as market disruptions.

“Organisations are facing an increase in the number and complexity of risks, which can have a major impact on the activities of companies. Stakeholders expect internal audit functions to help them navigate this changing landscape” says Mircea Bozga, Risk Assurance Leader, PwC South-Eastern Europe.

“In a world of constant disruption, internal audit leaders need to think differently to accomplish more dramatic transformation and demonstrate their vitality. Particularly, they must be well-equipped to mitigate risk in several disruptive areas including regulatory changes, cybersecurity and changes to customer preferences — the disruptors most likely to impact businesses over the next three years”, added Mircea Bozga.

The report is based on nearly 1,900 respondents from organisations headquartered in 41 countries[2].  18% of them report that their internal audit functions play a valuable role in helping their companies anticipate and respond to business disruption – a subset of the pool which we’ve coined “Agile Internal Audit (IA) Functions.”[3] Nearly nine out of ten stakeholders with Agile IA Functions report that internal audit is adding significant value.

The study uncovered two key traits that enable Agile IA Functions to lead in disruptive environments –preparedness and adaptiveness.

Preparedness

Agile IA Functions are forward-looking and able to identify emerging disruptions and associated business needs. They collaborate with other lines of defense in a unified and integrated manner and make decisions mutually supported by others in the organisation. To boost preparedness, internal auditors should:

  • Build the eventuality of disruption into planning and risk assessment: 84% of Agile IA Functions are mindful of disruption and include the possibility as part of the audit plan development.
  • Meaningfully collaborate with other lines of defense: 76% of Agile IA Functions cohesively work with other risk management and compliance functions to address disruption.
  • Invest in and elevate business and technical IQ: 73% of Agile IA Functions provide Internal Audit with advanced technology and encourage the development of trending and analysis techniques.

Adaptiveness

Flexibility is key in Agile IA Functions—their processes must be transformative across audit plan development, audit planning, fieldwork and reporting. They should also use innovative talent models as needed and routinely reorganise or redirect resources according to disruption. To be adaptive, internal auditors should:

  • Create more flexible processes and reporting mechanisms: 73% of Agile IA Functions change course and evaluate risk at the speed required by the business.
  • Drive the use of data analytics and technology: 47% of Agile IA Functions have increased the use of data mining and data analytics for continuous auditing/monitoring of trends and potential impacts of disruption.
  • Implement flexible talent models: 74% of Agile IA functions redirect/reorganise resources as needed to help the organisation manage or respond to disruption.

“To become a leading internal audit function likely means changing what internal audit is doing and where it’s focusing, such as using more frequent proactive risk evaluations in advance of disruptions. With an innovative vision of what internal audit can be, the function can deliver the greater value that stakeholders expect and need”, said Mircea Bozga.

 

 Notes to editor:

To download a full copy of the report, please visit: www.pwc.com/us/2017internalauditstudy

About PwC’s Risk Assurance practice

PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC’s Risk Assurance practice has developed a holistic approach to risk that helps to protect business, facilitate strategic decision making and enhance efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to the unique needs of the organization.
About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

“PwC” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. Please see www.pwc.com/structure for further details.

©2017 PricewaterhouseCoopers. All rights reserved

[1] The respondents were made up of internal audit executives and stakeholder of internal audit, including audit committee members and chairs, board members, CFOs, CEOs, CCOs and CROs.

[2] Countries include: Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China/Hong Kong, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Ireland, Italy, Japan, Kenya, Luxembourg, Mexico, Namibia, Netherlands, New Zealand, Nigeria, Norway, Poland, Portugal, Russia, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Arab Emirates, UK, US and Venezuela.

[3] This subset was created based on two criteria: (1) their company received significant value from internal audit’s involvement in disruptive events, and (2) their company defined internal audit’s value as contributing something more than executing effectively and efficiently on the audit plan.