PwC Study: Internal Audits Lack Strategy for Risk Assessment

According to a recent PWC study, there continues to be a lack of consistency around the assessment of risk by internal auditors, according to the third annual study of current issues for the internal audit profession.

A number of divergent and conflicting trends related to risk assessment are a concern among internal audit executives. Although there is growing interest in enterprise risk management (more than 80 percent of respondents reported they conduct an annual enterprise-wide risk assessment), only a handful of those surveyed said they update the internal audit risk assessment continuously, while 64 percent may be doing little or nothing between annual assessments.

At one-third of the companies surveyed, multiple enterprise-wide risk assessments are being conducted across the organization. Of this group, only 20 percent consider these assessments "well" aligned, while 50 percent said they are "somewhat" aligned and 30 percent said they are "not well" aligned, with little or no coordination among the parties making the assessments.

PwC said six imperatives should be considered when strengthening the internal audit risk assessment process, as suggested by the study:

1. Adopt a process approach to risk assessment and planning.
2. Supplement annual risk assessments with quarterly or more frequent updates.
3. Leverage your prior assessment results.
4. Align and leverage risk assessments.
5. Seek out the specialized talent you need.
6. Coordinate effectively with other risk management groups.

Internal Auditor Jobs on the Rise, Says IIA

Corporate scandals, Sarbanes-Oxley legislation, and a renewed focus on protecting stakeholder interests are driving the growth of the internal audit profession, according to the Institute of Internal Auditors.

The global professional association said this is creating a record number of jobs for internal auditors, higher salaries for internal audit practitioners, and an enhanced perception of internal auditing's true value within the business community at-large.

I remember the old days when the internal auditors were perceived as second-rate auditors.  If you couldn't make it as an external auditor, then you became an internal auditor.  Also, the internal auditors were the 'gotcha' guys so you wanted to keep them out of your dept or at least limit the amount of time they spent looking at your dept.  That perception has changed dramatically since Enron and SOX. 

Now that I perform internal audits, I hope that my clients view my input as beneficial.  I go out of my way to build a collaborative working relationship by communicating why I do certain things or why the risks are high.  If people understand the context (or why you do something) and the reasoning makes sense, they go out of their way to help you.

Free Webcast -Managing Compliance and Ethics Globally

For those of you who want to learn more about managing compliance globally, Compliance Week is hosting this webcast...

When running a global compliance and ethics program, how do you overcome perceptions that this is just an American legal requirement? How do you respect local cultural differences but build a common corporate culture? How do you create allies in local business units to extend your reach? Join us, Thursday, May 24, 2007 at 2 p.m. EST with experts from The Altria Group, The Dow Chemical Company and LRN, when they will discuss what they are doing to ensure that their companies stay on the right side of the line, no matter where they do business.