Risk management is an essential area for many companies. Focusing on key issues such as process review and optimization, system functionality and policy compliance are key steps in this process. More and more management is relying on internal auditors to help address strategic issues and manage existing and emerging enterprise risks. This is especially true given the complex and quickly changing nature of data and cyber security threats. As the importance of the internal audit function increases, it’s essential to examine what approach internal auditors should use to ensure they sustain the level needed to meet demand.
To help address this concern, the Institute of Internal Auditors (IIA) Research Foundation recently released a report, Driving Success in a Changing World: 10 Imperatives for Internal Audit. The report reviews responses to key questions such as; “How frequently do you update your audit plan,” “What kinds of training do you provide for your staff,” and “Have you ever felt pressure to suppress or modify a valid audit finding or report. The report identifies 10 areas where internal auditors can focus to keep up with the pace of new challenges as they emerge.
- Anticipate the needs of stakeholders. The board, management, and other stakeholders often have a broad range of constantly shifting, sometimes competing, and typically poorly communicated needs that internal auditors should seek to understand and ultimately serve. To do this, it’s important to consult with management, audit committees, and business line heads to incorporate their feedback into your audit plans. By improving communication channels, you’ll be better able to anticipate – and meet – stakeholder expectations.
- Continually advise the board and audit committee. Keep the board up to speed and be their leading source of information on risks they should be most concerned about on a regular basis – such as emerging risks, risk management, internal audit, and the IIA’s Standards. You have the unique position of understanding both these risks and the business operations and strategic goals, so exhibit your credibility by being their primary source for information, advice, and answers to their questions via formal communication channels and as a willing advisor in informal conversations.
- Be courageous. You must be willing to engage in straight talk and handle potential conflict by telling the truth about the organization’s internal audit findings. In certain cases, audit findings are tied to compensation in some way. Counter this by encouraging a culture where proactivity is rewarded in equal amounts to results so management is persuaded to be involved in the identification and mitigation of risk and less likely to suppress negative findings.
Analyze and Update Frequently
- Enhance audit findings through greater use of data analytics. Make use of available data mining or data analytics technology that allows analysis of complete data sets instead of samples with continuous or real-time auditing technology. This will help improve efficiency and enable auditing of data-rich areas with more sophisticated methods for greater accuracy.
- Identify, monitor, and deal with emerging technology risks. IT is among the top five risks on which internal auditors are focusing the greatest level of attention for 2016. Because technology risks are constantly evolving, it’s essential to stay ahead of the curve by engaging in audit activities for the organization’s social media and cybersecurity systems.
- Develop forward-looking risk management practices. Just 34% of internal audit plans are updated three or more times a year, according to the survey results. Internal auditors should reassess and update their plans regularly to deal with fast-moving emerging risks. Failure to update plans frequently may put internal audit at risk of overlooking important changes in the business environment.
Educate and Evaluate
- Invest in yourself. Put in the extra time needed to understand business operations so you are prepared to conduct internal audits – even beyond what the organization may outlay for internal training or orientation. In addition, depending on the size of your internal audit department, you may need outside training to receive the necessary technical and leadership skills and certifications needed to elevate your value to the organization and do your job to the best of your ability.
- Go beyond the IIA’s standards. While the standards are a good framework for a quality assurance and improvement program, you can go beyond the standards to deliver specific, high-value activities for the organization. Ask stakeholders what activities would provide the most value, and consider an external audit periodically to check your progress.
- Recruit, motivate, and retain great team members. First, get the right kind of support you need internally to make a difference for the organization. Individuals must have the right mix of analytical, communicative, and technology skills along with industry-specific knowledge. Some skills can be taught, so focus on those with the innate skills you can’t always learn (for instance, critical thinking and communication) and make training and education readily available for the rest. Once you have the right team in place, work to keep them there with things like bonuses to provide motivation and retention.
- Support the business’s objectives. Just over half (57%) of the survey respondents said their internal audit department is fully or almost fully aligned with the strategic plan of their business – which means that the remaining 43% (a large number) are not confident in their alignment. Work to thoroughly understand the business objectives, identify and manage the key risks facing those objectives, and create specific performance measures for each area of the strategic plan. Aligning your internal audit goals with the strategic objectives of the company is the surest way to demonstrate real value on an ongoing basis for your organization and help the organization achieve its goals, so don’t miss this important step in your plan.
By focusing on these 10 essential elements, internal auditors can demonstrate their willingness and ability to overcome challenges posed by today’s dynamic business environment and increase their value by improving internal communication, using technology, developing new skills, and supporting the overall business objectives.
As risks to companies change and evolve it’s essential to maintain a proactive and responsive internal audit function. Now more than ever it’s important to review and update the departments approach and strategy. Looking for assistance with internal audit issues, contact Barnes Denning today! For additional information on the IIA report or other internal audit concerns, contact us at 513-241-8313, or click here for email. We look forward to speaking with you soon!