Article

Internal Audit: What’s Next?

By: Wa’el Bibi, CPA, CIA, CISA

First, I must admit that I have spent most of my professional career in public accounting firms performing external audits and tax consultation. Internal audit was not some thing I was interested in. However, this has changed after the corporate debacles in the US. I realized how an efficient, effective and value added internal audit can make a difference. Since then, I have developed deep interest in internal audit and watched how the profession is transforming and preparing itself to meet the challenges of tomorrow.

The Challenges

So, what are the challenges of tomorrow? These can be summarizes as follows:

Increasing high expectations from stakeholders (audit committee, management ...etc)

Diversity and complexity of risks facing organizations.

Difficulty in recruiting and retaining qualified auditors.

Rapid IT development.

Pressure to take more active role in fraud prevention.

New regulations and legislative changes.

Strengthen independence.

Enhance communication with executive management.

Ability to provide “real time” monitoring and continuous audits.

Reinforcing the value of internal audit.

Future Trends

As the profession gains momentum and recognition, internal auditors have started to think beyond traditional audits and Sarbanes – Oxley. They are asking themselves: where would we be in few years? And what would we be doing differently? I have been following how different parties are looking at the future of the internal audit function and I want to share it with you:

The Institute of Internal Auditors – UK and Ireland

A recent report entitled “Towards a blueprint for the internal audit profession” published by the Institute suggests that the core value-generating activities of internal audit work are the same now as they were in five years ago: providing assurance that the organisation’s risk management processes and its system of internal control are operating effectively; that it is managing its major business risks; and that its governance processes work

The report also highlighted a new value trend. There is a strong desire to take the independent and objective assurance that internal audit provides into new areas of the organisation. The report shows that internal auditors feel their remit should expand to include important risk areas – such as reputation, technology and projects, in order to provide assurance in areas that reflect the organisation’s needs, in addition to traditional areas of internal audit work. They also want to challenge management and act as a catalyst for improvement, using their knowledge of risk and control to improve business practices. Some of them do this already.

PricewaterhouseCoopers:

A study by PricewaterhouseCoopers (PwC) entitled “ Internal Audit 2012” suggests that the internal auditors of the future will add the provision of risk management assurance to the traditional assurance over internal controls .The study predicts that internal auditors will go through a change and will develop a risk-centric mindset. This means, according to the study, those internal auditors will adopt an all-inclusive, conceptual approach to audit, risk assessment and risk management that extends well beyond a narrow focus on controls. With such a mindset, internal auditors would increase their functional value at a time when risk assessment and risk management have become primary stakeholder concerns.

The study provides the below illustration of the shifting focus of internal audit:

KPMG:

A study by KPMG entitled “Internal Audit of the future” suggests that internal auditors will adopt an integrated assurance model which the study explains as follows:

Internal audit is experiencing a shift in its role from providing information to providing interpretation. It is offering and is being expected to offer, increased synthesis and analysis of information to help management identify themes, trends, and business challenges. Boards and their audit committees are seeking a “real- time” overarching view of the control environment from internal audit, rather than reports on individual areas of the business. Increasingly management also rely on internal audit to provide a conclusion on the effectiveness of the control environment.

E & Y:

A 2007 Global Internal Audit survey reveals that internal audit is in the middle of an evolutionary transition, facing great challenges as well as new opportunities.

The survey indicates that the number of companies where internal audit maintains the primary burden of testing internal control over financial reporting is still relatively high. The survey also indicates an increased focus on business and operational risks by internal auditors as well as on enterprise risk assessment.

What Do I Think?

Not much is left for me to say after we heard what the major players are saying! However, I still have a controversial prediction. I predict that, in ten to fifteen years, the independence, skills and role of internal audit will continue to strengthen until it reaches a stage when third parties (Investors, bankers, regularity bodies ...etc) will rely more on internal audit reports and opinions and less on that of external auditors.

Am I saying that external audit will diminish in the future? In my opinion, it is a possibility and I would like to start a debate about it. I know many parties will disagree with my prediction and some, may even, question my motives. I always like to describe myself as a product of international public accounting firms and as I mentioned in the introductory paragraph have spent most of my career with major public accounting firms performing external audits. It is my understanding of both types of audit that made me reach my prediction!

______________________________________________________________________

Bibliography

- The institute of Internal auditors, UK and Ireland: Towards a blueprint for the internal audit profession.

- PricewaterhouseCoopers: Internal audit 2012.

- KPMG: Internal audit of the future.

- E & Y: 2007 Global internal audit survey.

Home
Mission Statement
Company Profile
Our Services
Internal Audit
Tax Update
Publications
Audit Samples
Links
Contact Us

The 20th – century internal audit model

Controls assurance based on cyclical or routine audit plans

Today’s typical internal audit model

Controls assurance based on risk –based audit plans

The risk –centric internal

audit model for tomorrow

Assurance on the effectiveness of risk management in addition to control assurance

Bibi Consulting