NEW YORK, March 18, 2013 /PRNewswire/ -- As companies have come to accept that market volatility, complexity, political and regulatory changes are here to stay, internal audit functions have more opportunities to contribute to businesses in a truly meaningful way, according to the PwC US Internal Audit State of the Profession 2013 survey. However, according to survey respondents, before internal audit reaches for new heights, it must keep pace and continue to evolve its focus. Internal audit must also significantly improve its performance or risk losing relevance as other internal risk functions become more vital contributors in the risk management area.
Representing 18 industries and 60 countries, nearly 1,100 chief audit executives and more than 630 stakeholders, including CEOs, audit committee chairs, other board members and senior finance and risk managers, took part in this year's survey. Participants contributed their views on today's critical risks, the role they expect internal audit to play in addressing them and the performance of their enterprises' internal audit function.
"Our survey shows that 80 percent of respondents believe threats are increasing, yet only 12 percent think their own organization manages risk extremely well," said Dean Simone, Leader of PwC's U.S. Risk Assurance practice. "As risks increase, internal audit's coverage of risk and performance in emerging areas is critical, which provides internal audit with an ideal opportunity to demonstrate the value of the evolving profession. Internal audit must then aggressively increase its capabilities and add true value in risk areas most critical to the organization."
The study reveals that organizations have more work to do to align stakeholders' expectations and approach on coverage of critical risks, providing an opportunity for internal audit to deliver value outside of the traditional focus areas. Compared with management, board members are more likely to believe there are more risks and that they are growing faster, posing greater threats than there were a year ago.
"Audit committees and management expect more from internal audit, providing a huge opportunity for internal audit functions to be relevant contributors to protecting stakeholder value and the business from the most critical risks," said Jason Pett, Internal Audit Services Leader for PwC. "However, for internal audit functions to maximize their value to the organization, they must ensure alignment on multiple levels. There must be clear understanding and alignment of stakeholder expectations, alignment of internal audit focus on the highest risk areas and alignment of internal audit capabilities to the needs of today and those emerging needs of tomorrow. Only then can internal audit contribute to the organization in a way that establishes relevance and value in the eyes of all key stakeholders."
Companies are raising the bar on performance to contend with the ever-changing risk landscape, but are not raising the bar on internal audit at the same pace, according to PwC's survey. In addition, stakeholders are requesting increased capabilities with internal audit's contribution in emerging risk areas such as large program assessment, new product introductions, capital project management and mergers and acquisitions.
"Those with the right plan, appropriate resources and capabilities that are aligned with what stakeholders expect, will be recognized for their contribution. They will see increased access within the organization, and more opportunities to demonstrate value. As a result, they will multiply the value internal audit delivers," said Abhi Aggarwal, a principal in PwC's Risk Assurance practice.
PwC's survey indicates that high performing internal audit functions have excelled in four important areas. They demonstrate significantly stronger foundational capabilities, coordinate with their organization's governance, risk and compliance activities, more effectively incorporate emerging risk into audit areas and partner with those they serve by providing proactive advice and actively engaging with management in organizational initiatives. To help reach these new heights, PwC outlines the key steps audit committees, management and chief audit executives can take to enhance the value internal audit can and should deliver to organizations:
Audit Committee: Ask More Questions Most audit committees consider oversight of risk management to be a primary responsibility. However, they should ask if the internal audit's actions align with critical business risks and if internal audit has established a clear, strategic plan to raise capabilities and deliver value.
Management: Expect More Management teams should require their organizations to have a strong enterprise-wide risk assessment process, enabling management, internal audit and the board to have a productive and transparent discussion about risk management. Management should expect internal audit to have the skills necessary to contribute value in key risk areas.
Chief Audit Executives: Deliver More Chief audit executives should have a strategic vision that aligns to stakeholder expectations, including an investment strategy such as investing in the right resources. They must also be prepared to respond, or proactively engage, in conversations with the board and management about the internal audit's performance.
There are opportunities for internal audit to demonstrate a more valuable contribution, but to do so, not only must every stakeholder have a role in helping internal audit move in the right direction, but there must be a well-thought plan and well-charted course. "Chief audit executives must get prepared, close performance gaps, and raise the bar on itself. Whether that is by increasing capabilities in new and emerging risk areas or delivering a greater level of service within those more traditional areas, the time is now for internal audit to take decisive action to strengthen their core performance and capabilities, resulting in value added contributions," continued Pett.
About PwC's Risk Assurance practice PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.
About PwC US PwC US helps organizations and individuals create the value they're looking for. We're a member of the PwC network of firms in 158 countries with more than 180,000 people. We're committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com/US.