MENLO PARK, Calif., March 20, 2012 /PRNewswire/ -- Increasingly, internal audit professionals must possess a strong understanding of hot areas of technology such as cloud computing and social media – and the risks they bring – in order to perform their jobs at a high level, according to a new study from Protiviti (www.protiviti.com), a global consulting firm. However, many internal auditors say their technology IQ could be improved a few points, both in understanding new technologies and employing technology-enabled auditing processes.
With a focus on technology, the sixth edition of Protiviti's Internal Audit Capabilities and Needs Survey (www.protiviti.com/IAsurvey) assesses internal auditors' skills and knowledge, and identified those competencies most in need of improvement. More than 800 internal audit professionals from around the world participated in the survey.
"Technological advancements in virtually every organization are creating new challenges and opportunities for internal audit professionals," said Brian Christensen, Protiviti executive vice president and head of global internal audit for the firm. "Not only must internal auditors enhance their knowledge and understanding of new technologies and how they support the business, but they also must leverage these technologies to perform their jobs more effectively."
Key Findings of the 2012 Survey When it comes to general technical knowledge, internal auditors rank social media applications and cloud-based computing as their number one and two business priorities and the areas where their skills are most in need of improvement, according to survey results. These findings are a change from one year ago when IFRS and GTAG 13 (Global Technology Audit Guide) – Fraud Prevention and Detection in an Automated World – topped the same list. "Unlike some other areas of technology, social media and cloud-based applications are often used across an entire organization and that creates new enterprise-wide risks," Christensen said. "As usage continues to grow, the internal audit function – in partnership with executive management – is being challenged to identify, assess, monitor and mitigate these new and emerging risks appropriately."
Other key findings include:
There is significant potential for improvement via technology-enabled audit. One in three organizations does not utilize software applications to administrate its audit processes. Among those that do, 27 percent use only basic word processing or spreadsheets (more than any other tools). Of those that do not, just one in four plan to implement such a tool within the next 12 months.
In looking at the use of technology in auditing business process controls, respondents ranked "IT asset management" as a top area for improvement. "Internal audit's role in auditing and testing controls related to policies for technology tools and devices is critical to managing the associated risks," Christensen said. "There's significant cost associated with IT assets. Even a relatively small percentage of 'loss' in terms of hardware or data could result in significant financial losses and, in the event of a security or data breach, potentially devastating effects in terms of regulatory noncompliance and reputation loss."
A surprisingly large number of organizations (60 percent) do not leverage data analysis or technology-enabled audits to prevent fraud. However, more than half of all organizations use these processes to detect, monitor and investigate fraud.
Consistent with findings from previous years of the study, survey respondents said the audit process they most need to brush up on is the use of continuous auditing and computer-assisted auditing tools (CAATs).
In terms of soft skills, survey respondents said their top priority is becoming better at networking, including developing outside contacts. This is an indicator of the value internal audit executives and professionals see not only in developing best practices, but also in learning from other high-performing organizations.
The Internal Audit Capabilities and Needs Survey was conducted through in-person and online surveys in the fall of 2011. The survey included nearly 200 questions in three categories from past surveys – General Technical Knowledge, Audit Process Knowledge, and Personal Skills and Capabilities – as well as a new section, Technology and the Audit Process. Participants included chief audit executives, internal audit directors, managers, and staff from publicly traded, private, government, educational and nonprofit organizations. To download a complimentary copy of the survey report, visit: www.protiviti.com/IAsurvey.
Webinar and Podcast to Explore Results Further Protiviti's Christensen – along with Managing Directors Bob Hirth and David Brand – and guest speaker Robyn Arnell, vice president and chief audit executive, of Starwood Hotels and Resorts Worldwide, Inc., will reveal other key findings and explore survey trends and historical data during a complimentary 90-minute webinar on March 27 at 11:00 am PDT. To register for "Internal Audit Capabilities & Needs: Where Do You Rate?" please visit: www.protiviti.com/webinars.
Additionally, Protiviti has produced a podcast that offers Brian Christensen's analysis and commentary on the findings in the survey. Please visit www.protiviti.com/podcasts to listen or download the podcast.
About Protiviti Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE® 1000 and Global 500 companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.