Relationships and Risks: A Closer Look at the CBOK Survey

May is International Internal Audit Awareness Month. We are Internal Audit Awareness Month logocelebrating with a series of blog posts focused on internal audit topics and the daily challenges and future of the internal audit profession.

 

 

Brian ChristensenBy Brian Christensen
Global Leader, Internal Audit and Financial Advisory

 

 

 

I recently had the honor of hosting a webinar with The Institute of Internal Auditors on the 2016 CBOK Stakeholders Study and the evolving role of internal auditors beyond traditional financial assurance. This year’s survey was unique in that it was the first time The IIA partnered with Protiviti on this global study, which included significant input from stakeholders comprised of C-suite executives and board members.

To celebrate Internal Audit Awareness Month, I thought it would be appropriate to take a deep dive into the North American survey results, with additional reports to be released later this year. This installment looks at the overall findings discussed in the April 6th webinar. Subsequent posts will explore some of the more nuanced aspects of the study, focusing not so much on gaps, but on what internal auditors can do to meet, manage or exceed stakeholder expectations.

In the webinar we addressed the four key observations that emerged from the North American results:

  • Internal audit does many things well that could be considered foundational elements of assurance work.
  • There are opportunities for internal audit departments to add value to their organizations by spending more time focusing on risk identification and management, in addition to assurance work.
  • Internal audit should focus more on strategic risks – but exactly what the stakeholders mean by that is less than clear or consistent.
  • Increased demands on internal audit will require CAEs to prioritize competing expectations. Managing these conflicts requires strong relationship and communication skills.

Stakeholders gave internal auditors high marks on the basics, with 80 percent agreeing that their auditors are producing quality work, reliable results, useful recommendations and timely communication.

The question then becomes: What more can audit departments do to ensure that they continue to respond to the emerging needs of their organizations as seen by senior management and the board of directors?

In the study, stakeholders responded that they were most likely to seek advice from the internal audit department to identify known and emerging risks, facilitate and monitor risk management, and develop appropriate risk management frameworks. These results suggest that internal audit and the CAE are perceived as a reservoir of knowledge and insight to be tapped and deployed to improve risk culture and risk management capabilities and inform senior management and the board of up-and-coming risks.

More than half of stakeholder respondents said they want internal audit to be more active in assessing and evaluating strategic risks. However, they expressed low interest in internal audit involvement in new products and initiatives, and in new systems and technologies. This is an interesting finding. I believe that what stakeholders expect of internal audit is to not be distracted by technological novelties and focus instead on specific tools that facilitate the work that matters. Data analytics is increasingly such tool – there is a growing desire to see data utilized to provide relevant and current information about risk. Strategic insights often come from connecting dots to draw new insights. Data analytics can facilitate that.

With stakeholder expectations rising, the questions for internal auditors revolve around priorities: How can internal audit best manage potential jurisdictional and resource conflicts, while also managing stakeholder expectations? The top response from stakeholders, perhaps not surprisingly, was: Talk to us.

Communication is key, and stakeholders are looking to CAEs to initiate and cultivate strong relationships and open lines of communication with executive management and the board of directors to ensure alignment of priorities. Clearly, soft skills should be a priority.

For many of us in the profession, none of this is new, of course. It is instructive, however, to hear it directly from stakeholders.

In my upcoming posts, I will tackle the other key themes of the stakeholder study: moving beyond assurance to address the needs of boards and management, demonstrating understanding of strategic risks, and developing soft skills and relationships. Meanwhile, to access the discussion, click here and sign in to view the archived version of the webinar.

2 thoughts on “Relationships and Risks: A Closer Look at the CBOK Survey

  1. Pingback: Going Beyond Assurance | The Protiviti View

  2. Pingback: Wanted: A New, Soft Set of Skills for Internal Auditors | The Protiviti View

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s