Internal Audit at Financial Institutions Is Evolving

Michael Thor, Managing Director Leader of Internal Audit Services for the Financial Services Industry, North America

Financial firms’ risk profiles are continually challenged by new regulatory requirements and heightened expectations from supervisors requiring firms to advance their risk management processes. At the same time, advances in technology are driving consumer demand for more mobile services, even as new entrants, the so-called fintech companies, are transforming the competitive landscape. All this means that demands on chief audit executives (CAEs) and internal audit departments at financial institutions are increasing in proportion to these new challenges.

Under the heightened standards for large financial institutions, a set of guidelines issued by the U.S. Office of the Comptroller of the Currency (OCC), the role of internal audit is defined as opining on the readiness and design of the risk management systems and corporate governance structures of the institution, including its risk culture and risk appetite. To fulfil this role, auditors at financial services firms need to improve their technical knowledge in several areas, according to Protiviti’s latest Internal Audit Capabilities and Needs Survey, a comprehensive survey of internal audit professionals conducted in the fourth quarter of 2015.

A special industry-focused publication derived from the larger survey’s results, Top Priorities for Internal Audit in Financial Services Organizations, zooms in on the concerns and outlook of internal audit leaders within the financial services industry. In summary: The list of internal audit priorities for financial services firms is only getting longer, and internal auditors are noting the need to improve their knowledge in key areas, specifically cybersecurity, mobile applications, model risk, and the challenge of integrating risk appetite and risk culture within an agile risk management philosophy.

In addition, as the last line of defense, internal auditors need to streamline their processes to foster a more agile and efficient internal audit approach. The survey makes clear that during the past year, internal audit executives have advanced in their efforts to connect with the lines of business and management as part of collaborative efforts to improve oversight and to help the organization understand its risks and achieve its strategic objectives. Such collaboration improves communication between the three lines of defense while also helping organizations become more efficient and optimize existing resources – an important goal, since difficulties in hiring and retaining talent have become more acute in recent years.

In light of this talent shortage, internal audit functions are increasingly considering investment in technology-enabled auditing approaches and tools, which can help them meet two important objectives: 1) address their growing list of priorities more efficiently, and 2) stay current and effective in their approach to risk, as banks continue to adopt emerging technologies in an effort to remain competitive in a rapidly evolving marketplace.

By improving their efficiency, knowledge and effectiveness, internal audit functions will be able to better assist their organizations in their continued growth. The improved skill set also will help position internal audit for its growing role of a key strategic partner in the broader enterprise – a role very much in demand, according to the recently published North American results of the 2016 Common Body of Knowledge (CBOK) Stakeholder Survey (with global results coming soon).

Finally, the reports on internal audit priorities, both the overall findings and the financial services edition, provide more than just a snapshot of the areas internal audit executives are most concerned about. The publications also offers real, practical advice from Protiviti experts from a variety of subject areas on how internal audit functions can achieve their goals and objectives. They discuss hot topics and changes that have occurred over the past 12 months in the financial services industry, and their impact on the work of internal audit. Download the two reports here and here.

Add comment