LAKE MARY, Fla. (March 13, 2023) – The past year has seen internal audit staffing and budgets continue their recovery to pre-pandemic levels as organizations contend with an increasingly broad risk landscape. That’s according to The Institute of Internal Auditors (IIA) 2023 North American Pulse of Internal Audit Survey, which included responses from more than 550 internal audit leaders.
The survey found that technology was a primary driver of risk, with cybersecurity cited by 78% of respondents as being a high/very high risk to their organization, followed by IT (57%), and third-party relationships (51%), which often include IT. The cluster of technology related risk across the top three spots was largely consistent across privately held and publicly traded companies, financial and public sectors, as well as not-for-profit organizations.
“We consistently hear from our members that technology is the number one driver of risk in today’s increasingly complex business landscape, across organizations of all shapes and sizes,” said Anthony Pugliese, CIA, CPA, CGMA, CITP, President and CEO of The IIA. “Modern business is more technology-reliant than at any point in history. Along with the opportunities that accompany rapid growth in artificial intelligence, digital data storage, and cryptocurrencies, we see similar growth in risks related to data privacy, cybersecurity, and biases in artificial intelligence, to name a few. Internal auditors and organizations around the world recognize that technology is both the single largest driver of both opportunity and risk.”
Budgets and staffing levels continue to recover
The past 12 months saw positive trends for budgets and staffing, with overall budget increases outpacing decreases by more than 3-to-1 (38% vs 12%), the highest ratio in Pulse’s 15-year history.
Internal staffing budgets increased for 45% of audit functions. Professional development budgets increased for 21% of functions, a significant increase compared with 8% last year. Travel budgets increased for 24% of functions compared to just 4% last year, indicating a continued return to on-site visits post-COVID.
New for 2023: Audit frequency and focus
New to this year’s survey, CAEs were asked about the frequency of their audits. Nearly 70% of audit functions review high risk areas such as cybersecurity and IT annually or continuously.
Also new for 2023, CAEs identified which risks they consider when conducting audit engagements in general. The responses found that auditors often take a holistic approach and consider a broad range of issues. Fraud (90%) was the most frequently cited consideration, followed by IT (80%), Cybersecurity (66%) and Governance and Culture (65%). The survey found that 22% of respondents considered sustainability risks, reflecting both the increased importance of environmental issues and their potential for scrutiny.
“The IIA’s Pulse survey is a valuable resource for the profession, largely because it strikes a balance between benchmarks from past surveys and issues we’re delving into for the first time,” said Harold Silverman, CIA, CRMA, QIAL, CPA, Director CAE and Corporate Governance Engagement, IIA. “I encourage CAEs to use these survey results to benchmark against their peers to better understand how their audit function compares to similar organizations.”
Download the full Pulse report.
About The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international professional association that serves more than 230,000 global members and has awarded more than 185,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit theiia.org.