Looking Ahead to 2011: What Does It Hold for Internal Auditing?

Richard Chambers, CIA, CGAP, CCSA, shares his personal reflections and insights on the internal audit profession.

It is that time of year again when bloggers have to choose whether to look back or look ahead. Looking back is much less risky. After all, analyzing the past is much easier than picking the future. As far as I’m concerned, there’s no point in giving you my views on what has happened. In short, it has been a much more encouraging year than the previous two years for both the global economy and our profession. Still, the question on everyone’s mind is whether 2011 will build on the progress of 2010, and at what pace. For what it’s worth, I’m prepared to go out on the limb and offer my predictions.

As far as internal audit resources go, I believe the year ahead will show continued progress. Without a doubt, 2008 and 2009 saw overall reductions in internal audit budgets and staffing worldwide. A recent IIA Audit Executive Center survey indicated that since 2007, more than 32 percent of internal audit functions worldwide have seen their budgets reduced. 2010 appears to have seen internal audit resources stabilize. When asked about the outlook for 2011, only 15 percent of respondents predicted further budget reductions while more than 38 percent predicted an increase in their internal audit budgets in the year ahead. The degree of optimism for 2011 tended to mirror the economic outlook by global regions; however, in virtually every region, anticipate that 2011 will be better on the resource front than 2010.

Internal auditing’s focus is also likely to continue evolving during 2011. As I’ve noted before, one of the most dramatic stories unfolding around internal auditing over the past two years has been a rapid reorientation of coverage. While much of the past decade was spent “banging away” on auditing financial controls, 2009 and 2010 have seen a resurgence of internal audit coverage in areas of such critical risks as operational, compliance, and fraud. The Center's survey results project the trend is likely to continue in 2011. When asked which areas internal auditors plan to increase coverage over further in 2011, the following areas were noted most often:

  • Operational risks – 51 percent.
  • Effectiveness of risk management – 48 percent.
  • Compliance risks – 45 percent.
  • Fraud risks – 44 percent.
  • Cost reduction or containment – 35 percent.

I believe the continued shift in internal audit coverage is correlated to the emerging risks in the areas indicated. Given that internal audit coverage should always be risk-based, this should not come as a surprise.

A number of additional trends are also likely to continue in 2011. Looking into my crystal ball, I predict:

  • Further emphasis on recruiting non-accounting talent into internal audit functions.
  • Continued quests by many internal auditors to enhance their knowledge of the business.
  • Increased involvement by internal auditing in promoting and assisting with the establishment of enterprise risk management.
  • A surge in the number of external quality assessments by internal audit functions (as the end of the second five-year compliance window closes for many functions).
  • Continued discussion/debate on how internal auditing can measure and report on the value it adds.

While I am encouraged by the outlook for our profession in 2011, I have to sound an important note of caution. I have seen at least two surveys recently on internal auditing’s stakeholders (management officials and board members) that may be signaling “storm clouds” on the horizon. In both surveys, respondents shared the view that internal auditing needed to “step up its game.” Stakeholders seem to be signaling a concern that internal auditing is not adding as much value as it should. On the part of a growing number of stakeholders, there seems to be an underlying mood that while internal auditing’s focus is shifting, it is not changing fast enough. Others appear to be frustrated by the heavy emphasis on assurance and the lack of knowledge of the company’s business/industry. Having been on the front lines of the profession for as long as I have, I have seen this trend before. I hope I am wrong, but I sense that the “warning flags” are being raised for the profession. In the year ahead, we at The IIA plan to monitor this closely, and offer appropriate advice and assistance wherever warranted.
 

Posted on Dec 15, 2010 by Richard Chambers

Share This Article:    

  1. Richard:

    Thanks for the great post.  It would seem to me that Internal Audit, including the IIA and IIA standards, needs to answer and address some fundamental questions to respond to stakeholder concerns:


    1. Does a company, all other things equal, have better risk management when work units and management are the primary risk/control analysts versus Interna Audit being the primary group doing documented risk/control assessment?  (i.e. IA does majority of formal risk assessment) Have IIA standards made the answer to this question clear?

    2. Does traditional internal audit provide robust support for the emerging requirement that boards must demonstrate they are formally overseeing the effectiveness of the company's risk management framework? Have IIA standards made it clear whether an IA function that is not aggressively responding to this new emerging requirement is, or is not, in compliance with professional practice standards?

    3. Can an IA department that is their company's primary mechanism to do formal risk assessments report on the effectiveness of that company's risk assessment framework under IIA IPPF?

    4.Accepting that your analysis above is right, it appears that risk management should be ranked ahead of control management.  Should the IIA signal which risk frameworks constitutes "appropriate criteria?  The Dec IIA PA on assessing risk uses ISO 31000 but makes it clear that the IIA does not "endorse" ISO 31000t. . Perhaps the COSO 92 rewrite should elevate COSO ERM to first position????

    Tim  

  1.  Richard:

    Thanks for the great post.I totally agree with your predictions for 2011. I would like to add that I expect further emphasis on accounting talents who are capable of handling databases and spreadsheet programming than those without these skills.

Leave a Reply