The data is still being tallied, but an upcoming report from the Institute of Internal Auditors will tell chief audit executives they will gain greater confidence from their stakeholders if they are willing to dig deeper into some areas of risk that have fallen on priority lists in recent years.
Risks in company communication, for example, and risks in environmental, health and safety have not gotten the same headline attention in recent years as other emerging areas, the IIA report will say. Internal audit would also do well to dig into areas like the company’s use of data analytics and the interpersonal dynamics between internal audit and the clients it serves.
The 2017 North American Pulse of Internal Audit will be released in connection with the IIA’s annual national conference in March. The report summarizes the results of the IIA’s most comprehensive annual survey to assess the state of the internal audit profession.
In 2016, the IIA survey focused audit leaders on taking bold moves to look into emerging areas such as auditing corporate culture or increasing skillsets to audit the company’s response to cyber-security risks. That report was based on responses of nearly 500 chief audit executives, nearly 40 percent of whom worked in public companies.
The 2017 report will encourage internal audit executives to take a deeper look at those four risk areas that are deemed overlooked in many organizations as a way to demonstrate strong leadership and build confidence in the work of internal audit. “Courage is a character trait many top audit leaders exhibit, not just in dealing with the pressures inherent to the job, but also in addressing areas that may be taboo or historically overlooked,” said Richard Chambers, president and CEO of the IIA. “We believe this demonstration of fortitude by CAEs helps build a poised and assertive audit function that is valued by stakeholders and benefits the entire organization.”
With respect to communications, the upcoming report will say two-thirds of audit and risk executives have concerns regarding reputational risks associated with inaccurate, incomplete, or misleading information via non-traditional or informal communications channels, but only 9 percent provide assurance in that area beyond review of formal financial reports.
In the area of environmental, health and safety, the IIA says U.S. organizations paid more than $1.3 billion in fines in 2015 to the U.S. Environmental Protection Agency or the Occupational Safety and Health Administration, yet less than half of audit executives said they provide coverage for those risks in their audit plans.