Chief audit executives are wrestling with the reality that the compliance burden is growing right alongside the growing demand for more strategic or operational audit coverage.
In a Grant Thornton survey of 400 chief audit executives in the United States, half at public companies, audit executives say they are feeling the pinch of increased compliance requirements, such as Dodd-Frank and the Affordable Care Act along with rules on anti-corruption, government contracts, and payment card security, among others. Nearly 70 percent of audit executives said they expect their costs to increase this year as a result of increased regulation.
And they're not thinking just of newer regulations, but renewed focus on older rules as well, such as Sarbanes-Oxley. The Public Company Accounting Oversight Board has demanded more audit attention to internal control over financial reporting in recent years, leading 69 percent of chief audit executives to report in the survey they have changed their approach to SOX compliance as a result. In Grant Thornton's survey, 32 percent of chief audit executives said Sarbanes-Oxley is an extremely important or very important concern, and 69 percent said they have changed their approach to Sarbanes-Oxley compliance as a result of PCAOB scrutiny.
The struggle for the internal audit department is to determine how it can meet the growing compliance demand while also adding strategic value to the organization, says Warren Stippich, a partner and leader in the national governance, risk, and compliance practice for Grant Thornton. “Chief audit executives in particular are always being asked to do more, add more value, and be more strategic,” he says. “But companies don't just sprinkle more money on the internal audit department.”
Many companies, in fact, curtailed internal audit budgets during the economic downturn following the financial crisis, he points out. “There is a ton of work to do to manage compliance,” he says. “Now more than ever, there are new wrinkles in the additional compliance burden, but you can't take your eye off the new value-added ball.”
According to the survey, nearly 70 percent of executives report increased cost as the most significant impact to come from the added compliance burden, although 45 percent say the added regulation has improved their governance and rigor of testing. A significant 36 percent said they believe the added regulation is making it impossible for them to devote resources to higher-value audit activities.