Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/18/2013
12:33 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

PwC 2013 "State Of The Profession Survey" Finds Strong Needs Exist For Internal Audit To Deliver More Value To Organizations

Study reveals that organizations have more work to do to align stakeholders’ expectations

NEW YORK, March 18, 2013 – As companies have come to accept that market volatility, complexity, political and regulatory changes are here to stay, internal audit functions have more opportunities to contribute to businesses in a truly meaningful way, according to the PwC US Internal Audit State of the Profession 2013 survey. However, according to survey respondents, before internal audit reaches for new heights, it must keep pace and continue to evolve its focus. Internal audit must also significantly improve its performance or risk losing relevance as other internal risk functions become more vital contributors in the risk management area.

Representing 18 industries and 60 countries, nearly 1,100 chief audit executives and more than 630 stakeholders, including CEOs, audit committee chairs, other board members and senior finance and risk managers, took part in this year's survey. Participants contributed their views on today's critical risks, the role they expect internal audit to play in addressing them and the performance of their enterprises' internal audit function.

"Our survey shows that 80% of respondents believe threats are increasing, yet only 12% think their own organization manages risk extremely well," said Dean Simone, Leader of PwC's U.S. Risk Assurance practice. "As risks increase, internal audit's coverage of risk and performance in emerging areas is critical, which provides internal audit with an ideal opportunity to demonstrate the value of the evolving profession. Internal audit must then aggressively increase its capabilities and add true value in risk areas most critical to the organization."

The study reveals that organizations have more work to do to align stakeholders' expectations and approach on coverage of critical risks, providing an opportunity for internal audit to deliver value outside of the traditional focus areas. Compared with management, board members are more likely to believe there are more risks and that they are growing faster, posing greater threats than there were a year ago.

"Audit committees and management expect more from internal audit, providing a huge opportunity for internal audit functions to be relevant contributors to protecting stakeholder value and the business from the most critical risks," said Jason Pett, Internal Audit Services Leader for PwC. "However, for internal audit functions to maximize their value to the organization, they must ensure alignment on multiple levels. There must be clear understanding and alignment of stakeholder expectations, alignment of internal audit focus on the highest risk areas and alignment of internal audit capabilities to the needs of today and those emerging needs of tomorrow. Only then can internal audit contribute to the organization in a way that establishes relevance and value in the eyes of all key stakeholders."

Companies are raising the bar on performance to contend with the ever-changing risk landscape, but are not raising the bar on internal audit at the same pace, according to PwC's survey. In addition, stakeholders are requesting increased capabilities with internal audit's contribution in emerging risk areas such as large program assessment, new product introductions, capital project management and mergers and acquisitions.

"Those with the right plan, appropriate resources and capabilities that are aligned with what stakeholders expect, will be recognized for their contribution. They will see increased access within the organization, and more opportunities to demonstrate value. As a result, they will multiply the value internal audit delivers," said Abhi Aggarwal, a principal in PwC's Risk Assurance practice.

PwC's survey indicates that high performing internal audit functions have excelled in four important areas. They demonstrate significantly stronger foundational capabilities, coordinate with their organization's governance, risk and compliance activities, more effectively incorporate emerging risk into audit areas and partner with those they serve by providing proactive advice and actively engaging with management in organizational initiatives. To help reach these new heights, PwC outlines the key steps audit committees, management and chief audit executives can take to enhance the value internal audit can and should deliver to organizations:

Audit Committee: Ask More Questions

Most audit committees consider oversight of risk management to be a primary responsibility. However, they should ask if the internal audit's actions align with critical business risks and if internal audit has established a clear, strategic plan to raise capabilities and deliver value.

Management: Expect More

Management teams should require their organizations to have a strong enterprise-wide risk assessment process, enabling management, internal audit and the board to have a productive and transparent discussion about risk management. Management should expect internal audit to have the skills necessary to contribute value in key risk areas.

Chief Audit Executives: Deliver More

Chief audit executives should have a strategic vision that aligns to stakeholder expectations, including an investment strategy such as investing in the right resources. They must also be prepared to respond, or proactively engage, in conversations with the board and management about the internal audit's performance.

There are opportunities for internal audit to demonstrate a more valuable contribution, but to do so, not only must every stakeholder have a role in helping internal audit move in the right direction, but there must be a well-thought plan and well-charted course. "Chief audit executives must get prepared, close performance gaps, and raise the bar on itself. Whether that is by increasing capabilities in new and emerging risk areas or delivering a greater level of service within those more traditional areas, the time is now for internal audit to take decisive action to strengthen their core performance and capabilities, resulting in value added contributions," continued Pett.

To download a full copy of the report, "PwC 2013 State of the Internal Audit Profession Study" please visit www.pwc.com/us/2013internalauditstudy.

About PwC's Risk Assurance practice

PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.

About PwC US

PwC US helps organizations and individuals create the value they're looking for. We're a member of the PwC network of firms in 158 countries with more than 180,000 people. We're committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com/US.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2916
PUBLISHED: 2019-11-15
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
CVE-2019-12757
PUBLISHED: 2019-11-15
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...
CVE-2019-12758
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
CVE-2019-12759
PUBLISHED: 2019-11-15
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...
CVE-2019-18372
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.