The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

The Protiviti View

Insights From Our Experts on Trends, Risks and Opportunities
Search

POST

2 mins to read

FSI CBOK Study: Effective Assurance Alone Is No Guarantee of Internal Audit Success

Views
Larger Font
2 minutes to read

This year the internal audit agenda for the financial services industry is more than a little crowded. Global macroeconomic uncertainty, rock-bottom interest rates, soaring regulatory expectations, cybersecurity threats and attacks, legacy information technology (IT) systems, fintech, blockchain and other disruptive innovations — and that’s before we even get to fulfilling the core mission of delivering effective assurance.

The message of the 2015 Global Internal Audit Common Body of Knowledge (CBOK) Stakeholder Study is clear: Assurance alone is no longer enough. Assurance remains at the core of the internal audit function — value-added work for stakeholders cannot detract from that. But survey respondents, which included executives and board members who work closely with internal auditors, indicated they want more. Specifically:

  • Consulting on business process improvements
  • Alerting operational management to emerging issues and changing regulatory and risk scenarios
  • Facilitating and monitoring effective risk management practices by operational management
  • Detecting shifts in the organization’s implicit risk appetite
  • Identifying known and emerging risk areas

More than 70 percent of board members and executives believe internal audit should take a more active role in assessing and evaluating strategic risks. This is a mandate for chief audit executives and internal auditors to think more strategically when evaluating risks and ensuring their audit plans are sufficiently risk based.

Implicit in all of these value-added functions is the importance of maintaining objectivity. Such consulting approaches a fine line that regulators tend to review closely. And, of course, all of that is in addition to assurance, which remains internal audit’s primary objective. The good news is that respondents gave internal audit high marks for assurance activities, and especially for establishing audit plans to assess areas or topics that are significant and highly relevant to the organization and consistent with organizational goals. There were five assurance areas, however, that respondents agreed could use improvement, including:

  • Effectively validating that executive management promotes appropriate ethics and values within the organization
  • Communicating which risks or activities of the organization are not covered by the internal audit plan
  • Assessing the adequacy and effectiveness of governance
  • Demonstrating sufficient knowledge of key IT risks and controls in performing audit engagements, and
  • Demonstrating sufficient knowledge of fraud and corruption to identify red flags indicating possible fraud or corruption when planning and conducting audit engagements

Looking ahead, executives and directors said they are increasingly turning to internal audit for advice on business process improvements and see opportunities for auditors to add even more value through data analysis and so-called “soft” skills, including change management and facilitating interdepartmental communication.

For more detailed analysis and survey results, you can download the report here.

Was this post helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Find a similar post by topics

Authors

Michael Thor

By Michael Thor

Verified Expert at Protiviti

EXPERTISE

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

While the return-to-office decision is often framed in a straightforward manner — we believe collaboration, productivity and innovation flourish more...

Article

What is it about

The top priority for healthcare internal auditors this year is cybersecurity, according to a survey by Protiviti and the Association...

Article

What is it about

What to watch: President-elect Donald Trump will take office in January 2025 with Republican control of both the Senate and...

Search