The 13th annual edition of the State of the Internal Audit Profession study finds that half of the business executives surveyed want that the internal audit function play a more important role in the organizations, because this function has the ability to help stakeholders better manage unplanned or unanticipated events, also known as market disruptions.
“Organisations are facing an increase in the number and complexity of risks, which can have a major impact on the activities of companies. Stakeholders expect internal audit functions to help them navigate this changing landscape” says Mircea Bozga, Risk Assurance Leader, PwC South-Eastern Europe.
„Organizațiile se confruntă cu riscuri tot mai mari şi mai complexe, care pot avea un impact semnificativ asupra derulării activităţilor companiilor. Decidenţii din companii se așteaptă ca funcția de audit intern să-i ajute să navigheze în acest peisaj în schimbare”, a declarat Mircea Bozga, Risk Assurance Practice Leader, PwC Europa de Sud-Est.
“In a world of constant disruption, internal audit leaders need to think differently to accomplish more dramatic transformation and demonstrate their vitality. Particularly, they must be well-equipped to mitigate risk in several disruptive areas including regulatory changes, cybersecurity and changes to customer preferences — the disruptors most likely to impact businesses over the next three years”, added Mircea Bozga.
The report is based on nearly 1,900 respondents from organisations headquartered in 41 countries. 18% of them report that their internal audit functions play a valuable role in helping their companies anticipate and respond to business disruption – a subset of the pool which we’ve coined “Agile Internal Audit (IA) Functions.” Nearly nine out of ten stakeholders with Agile IA Functions report that internal audit is adding significant value.
The study uncovered two key traits that enable Agile IA Functions to lead in disruptive environments –preparedness and adaptiveness.
Agile IA Functions are forward-looking and able to identify emerging disruptions and associated business needs. They collaborate with other lines of defense in a unified and integrated manner and make decisions mutually supported by others in the organisation. To boost preparedness, internal auditors should:
- Build the eventuality of disruption into planning and risk assessment: 84% of Agile IA Functions are mindful of disruption and include the possibility as part of the audit plan development.
- Meaningfully collaborate with other lines of defense: 76% of Agile IA Functions cohesively work with other risk management and compliance functions to address disruption.
- Invest in and elevate business and technical IQ: 73% of Agile IA Functions provide Internal Audit with advanced technology and encourage the development of trending and analysis techniques.
Flexibility is key in Agile IA Functions—their processes must be transformative across audit plan development, audit planning, fieldwork and reporting. They should also use innovative talent models as needed and routinely reorganise or redirect resources according to disruption. To be adaptive, internal auditors should:
- Create more flexible processes and reporting mechanisms: 73% of Agile IA Functions change course and evaluate risk at the speed required by the business.
- Drive the use of data analytics and technology: 47% of Agile IA Functions have increased the use of data mining and data analytics for continuous auditing/monitoring of trends and potential impacts of disruption.
- Implement flexible talent models: 74% of Agile IA functions redirect/reorganise resources as needed to help the organisation manage or respond to disruption.
“To become a leading internal audit function likely means changing what internal audit is doing and where it’s focusing, such as using more frequent proactive risk evaluations in advance of disruptions. With an innovative vision of what internal audit can be, the function can deliver the greater value that stakeholders expect and need”, said Mircea Bozga.
 The respondents were made up of internal audit executives and stakeholder of internal audit, including audit committee members and chairs, board members, CFOs, CEOs, CCOs and CROs.
 Countries include: Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China/Hong Kong, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Ireland, Italy, Japan, Kenya, Luxembourg, Mexico, Namibia, Netherlands, New Zealand, Nigeria, Norway, Poland, Portugal, Russia, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Arab Emirates, UK, US and Venezuela.
 This subset was created based on two criteria: (1) their company received significant value from internal audit’s involvement in disruptive events, and (2) their company defined internal audit’s value as contributing something more than executing effectively and efficiently on the audit plan.