Tag: internal audit

Are the insights of internal auditors about risk getting through to boards?

Internal auditors are worried that boards are not paying enough attention to—wait for it—internal auditors. Probably most often, we consider the internal audit function in the context of financial reporting, but its brief can extend to many other risk areas.  To be sure, the speed of technological development and disruption has accelerated the development of risks—exhibit one being the development of the internet, which has led to risks related to cyberattacks and privacy. A 2019 report regarding a survey by the Institute of Internal Auditors of over 500 chief audit executives (CAEs) concluded that these developments “place an even higher value and urgency on assuring that boards have complete and accurate information on which to base their decisions…. In today’s dynamic risk environment, CAEs must do more than simply understand and fall in line behind the board’s view on risk. This new outlook must center on assuring the board has a comprehensive and unencumbered understanding of the organization’s risk universe.” Nevertheless, according to the President and CEO of the IIA, CAEs responding to the survey said that “internal audit rarely reviews information provided to the board, with 6 in 10 [CAEs] reporting they provide such assurance only for unusual situations, or never.” As a result, there were “serious questions about whether internal audit’s insights and recommendations are getting through to boards.”