If there’s a point to internal audit beyond fulfilling a compliance requirement, it seems as if corporate America is still trying to figure it out.
PwC’s 13th annual study on the state of the internal audit profession says internal audit is losing ground in meeting the expectations of key stakeholders. In 2016, 54 percent of those responding to PwC’s poll said they regarded internal audit as adding significant value to the organization. In 2017, that number has dropped to 44 percent, the lowest level PwC has recorded in the past five years.
Even among those who say they get significant value out of internal audit, half of those stakeholders said they want more value out of internal audit than they are getting now. While PwC’s survey findings from 2015 suggest more than half of internal audit stakeholders want internal audit to act as a trusted advisor to the business by 2020, only 9 percent of the 1,900 respondents to this year’s survey see internal audit in that role currently.
Acknowledging the pressures on internal audit to do more with less and meet ongoing compliance requirements, PwC says the takeaway for internal audit leaders is to get more engaged on disruptive risks, those rapid changes in the business or the business environment that lead to unexpected or unplanned consequences. “Capitalizing on those activities that drive value will be critical to reverse this downward trend in value perception,” PwC says.
Only 18 percent of those responding to PwC’s latest poll say their internal audit function plays a valuable role in helping companies anticipate and respond to disruptive events. The biggest disruptions identified in the study include new regulation, changes in the business model or corporate strategy, cyber-security and privacy threats, technology advancements, and financial challenges.
Through a series of interviews with survey respondents, PwC identifies what is regards to be the most common characteristics of the most agile internal audit functions, or those delivering the most value to their organizations. Such departments are both prepared and adaptive, the report says.
The most agile internal audit functions are active on a number of disruptive risks — not just a few and not just the more traditional disruptors — and they get involved early in disruptive cycles or events. They are more likely than less agile functions to provide advice on process and controls, provide a point of view on risk, participate in an oversight committee, audit risk monitoring or event management processes, assess business readiness to respond to disruption, and identify the potential for a disruptive event to occur, PwC says.