As an extension to the annual PricewaterhouseCoopers “State of the Profession” survey for internal auditors, PwC surveyed the chief audit executives (CAEs) of Fortune 250 companies about trends likely to affect internal auditors over the next five years and what they expect internal audit to look like in 2012. Titled “Internal Audit 2012”, the study predicts the value of a controls-focused approach to internal audit to diminish and suggests that internal audit leaders revisit their objectives and adopt a “risk centric mindset” if they wish to remain key players in assurance and risk management. The study lists “ten imperatives” that provide the “foundation for a high performance internal audit function in the years ahead” including my favorite:
- “Adopt a risk-centric value proposition that focuses continually on enterprise risks. To meet rising stakeholder expectations, internal audit needs to embrace a risk-centric approach to delivering value. That requires providing assurance on risks as well as controls, maintaining an ongoing focus on risk, and keeping the audit committee and senior management well informed about changing risk exposures.”
Traditionally, internal audit has focused on assuring that internal policies and procedures are being followed and that the business is in compliance with external regulations. This has been accomplished through the monitoring and assessment of internal controls and tracking of issues that are raised during audits. The methodology tended to be bottom-up, check-the-box, account-based auditing intended to provide independent assurance that the business is operating as designed with as much transparency as possible.
By functioning as a consultative arm to the business and helping to establish an enterprise-wide risk and control framework, audit has the capacity to influence the continued improvement of process level controls as well as the macro level control environment. Internal audit can bring to the business best practices for measuring, managing and prioritizing risks while cross pollinating effective management techniques and internal controls across the enterprise.
To learn more about Internal Audit and its evolving role in ERM, check out this white paper.