Survey finds internal audit risk assessments inconsistent Year: August, 2007 The report suggests that internal auditing needs to identify areas of high and moderate risk that are part of the internal audit plan but have been deferred or cancelled because of the organization's focus on Sarbanes-Oxley Section 404. It recommends that chief audit executives (CAEs) revisit the budgets, skills, and capabilities needed to achieve a comprehensive, balanced, and risk-based approach to auditing, as well as develop a process to advise the audit committee and senior management about emerging risks. In other findings, internal audit leaders say their greatest challenge is finding enough qualified talent to address the growing and increasingly complex needs of their stakeholders. To help address this problem, rotational staffing has become a key source of talent for more than 80 percent of respondents from Fortune 500 companies. Additionally, the report notes that audit departments are using report ratings, such as satisfaction or number scales, with mixed results. Although many CAEs say ratings allow them to communicate the potential level of exposure and risk associated with audit findings, 56 percent say ratings often create friction at their organizations and slow down the audit process. Finally, 43 percent of respondents use some form of continuous auditing or monitoring in their audit operations. The PwC report is available from the company's Web site, www.pwc.com/internalaudit. Reference:
http://findarticles.com/p/articles/mi_m4153/is_4_64/ai_n27348378/ PwC Study: Internal Audits Lack Strategy for Risk Assessment Year: May 21, 2007 There continues to be a lack of consistency around the assessment of risk by internal auditors, according to the third annual study of current issues for the internal audit profession conducted by PricewaterhouseCoopers. A number of divergent and conflicting trends related to risk assessment are a concern among internal audit executives. Although there is growing interest in enterprise risk management (more than 80 percent of respondents reported they conduct an annual enterprise-wide risk assessment), only a handful of those surveyed said they update the internal audit risk assessment continuously, while 64 percent may be doing little or nothing between annual assessments. At one-third of the companies surveyed, multiple enterprise-wide risk assessments are being conducted across the organization. Of this group, only 20 percent consider these assessments "well" aligned, while 50 percent said they are "somewhat" aligned and 30 percent said they are "not well" aligned, with little or no coordination among the parties making the assessments. PwC said six imperatives should be considered when strengthening the internal audit risk assessment process, as suggested by the study: Adopt a process approach to risk assessment and planning. Supplement annual risk assessments with quarterly or more frequent updates. Leverage your prior assessment results.
Align and leverage risk assessments.
Seek out the specialized talent you need.
Coordinate effectively with other risk management groups. "Today, there is a growing awareness among chief audit executives of the importance of linking risk assessments and effective audit coverage," said Richard Chambers, managing director with internal audit services at PwC. "To help strengthen risk management within their companies, audit groups must focus on assessing risk on an ongoing basis and continue to monitor and update their enterprise-wide risk assessments." In the areas of finance, compliance, and operations -- sectors that might be characterized as traditional areas of focus for internal audit -- respondents expressed fairly high degrees of confidence (64, 49, and 43 percent respectively) in their audit coverage of these types of risks. However, they were significantly less confident...
Please join StudyMode to read the full document