Internal Audit in brief

Welcome to the fifth issue of “Internal Audit In Brief” – the newsletter designed to give Internal Audit leaders a summary of the topical issues we are seeing in the market. In this edition we provide insights on the following topics:

• Management Information - Consumable and effective? 
  Many CEOs are questioning the scope and quality of the information they have available to support their strategic and operational decision-making, especially non-financial information. Internal Audit has a key role to play in assessing information flows, their accuracy and the adequacy of summarisation, presentation and consumability. Read more
  
• The Corporate Governance Code implemented into law in Belgium
  The law of 6 April 2010 on Corporate Governance includes two main items that will drastically influence corporate governance practice for listed and public companies in Belgium: 
  • the legal obligation to comply or complain with the Corporate Governance Code for Listed Companies (defined by the Royal Decree of 6 June 2010 as the sole code of reference for listed companies);
  • increased legislation on the remuneration committee, remuneration policy and remuneration transparency.Read more
  
• Treasury Weathering the financial storm? 
  Treasury risk management and, in particular, the ability to generate funding when required, have been key areas of increasing focus for commercial organisations in recent times. For many Internal Audit functions, developing the specialist skills required to review treasury functions is an increasing challenge as treasury risk management evolves in response to the economic downturn. Read more
  
• Bribery - Act now or pay later 
  The UK Bribery Act also affects non-UK companies doing business in the UK.
  With severe penalties for “failure to prevent”, this board-level issue presents some real challenges for Internal Audit functions around how to assess both design and operating effectiveness and ensure the organisation has “adequate procedures” in place to defend its position should a bribery offence occur. Read more
  
• Public Sector - Maximising Internal Audit value in times of uncertainty 
  With much of the burden for risk and control in the public sector residing with Internal Audit and Finance departments, Internal Audit should be more focused on those activities that will add more value to the organisation. By helping public sector management to embed a controls-conscious culture, and an aligned integrated risk and control framework, Internal Audit should be allowed to focus more on improving efficiency and identifying cost savings. Read more
  
• Global Survey - Responding to changing priorities 
  We would like to thank those of you who participated in PwC’s Global Internal Audit Survey. We have highlighted some of the key results in this survey article, but would encourage you to read the full publication. In general, the results support the notion that Internal Audit functions have effected significant change and that they have the right priorities, but that there are still  performance gaps in achieving the key attributes of high-performing Internal Audit functions. Read more
  
• Internal audit roundtable meetings

 

Management Information - Consumable and effective? 

Many CEOs are questioning the scope and quality of the information they have available to support their strategic and operational decision-making, especially non-financial information. Internal Audit has a key role to play in assessing information flows, their accuracy and the adequacy of summarisation, presentation and consumability.

Critical to the successful governance of any organisation is having access to the right information at the right time.

However, despite the effort being committed by many companies to their internal  reporting, CEOs and their teams are questioning the scope and quality of the information they have available to support their strategic and operational decision-making, in particular related to non-financial information

All too often the end result is management information that is incomplete, inaccurate, too financially focused and leaves too many questions unanswered.

To make matters worse, management will largely ignore poorly conceived   management information and start to add to the already abundant reporting with new material, which can only add to the confusion.

Many boards and audit committees question whether they have access to the right information, and how accurate it is, especially non-financial information.

Lack of clear direction

Management should be able to step back from the internal reporting that is already available, and objectively assess what is required to give visibility to the progress made towards achieving their strategic objectives. Developing tailored, focused and balanced reporting to enable a clear line of sight through the key elements of the business, and a clear understanding of business performance, should provide substantial value.

The role of Internal Audit

Escalation – Internal Audit can assess scheduled and ad-hoc information flows to determine whether the right information is getting to executives and board committees.

Accuracy – It is, of course, essential that executive management and the board have access to accurate management information. Internal Audit has a valuable role to play in assessing processes and controls over the accuracy of management information.

Summarisation and presentation – Internal Audit should assess whether key messages embedded in source information survive summarisation and presentation.

Consumability – Internal Audit can assess whether management information is digestible to the consumer. Executive management, boards and audit committees often struggle with the weight of reporting and are required to scan numerous pages of dashboards, traffic light reports and lengthy narratives to extract the really important pieces of information.  

More focused exception based reporting can be developed once a strong framework for reporting management information has been established: 

A good way to assess the strength of internal information systems is to ascertain how long it takes bad news to reach the top.

Step one – presentation of the framework and related change management process to executive management and the board. 

Step two – exception based reporting with brief management discussion to focus on what the information is highlighting about the business rather than just reporting the facts (ie discussion related to the reds and ambers, and not the greens).

For more information on this topic please contact Marc Daelman

Key Questions

• What scheduled and ad-hoc information flows to executive management and  the Board? How is this selected?
• What processes and controls are in place to ensure the accuracy of management information flows?
• How is information summarised and presented as it is escalated?
• How consumable is management information to the intended audience – is it truly exception based?

For more information, please contact Marc Daelman or Johan Ravijts

 
 

The Corporate Governance Code implemented into law in Belgium

The law of 6 April 2010 on Corporate Governance includes two main items that will drastically influence corporate governance practice for listed and public companies in Belgium:

• the legal obligation to comply or complain with the Corporate Governance Code for Listed Companies (defined by the Royal Decree of 6 June 2010 as the sole code of reference for listed companies);
• increased legislation on the remuneration committee, remuneration policy and remuneration transparency.

Increased transparency on governance and remunerations will be achieved through two new requirements in the statutory directors’ report of listed companies: a Governance Statement (as from 2010) and a Remuneration Report (as from 2011). Those disclosures were already included in the 2009 Corporate Governance Code, but were not legally required (i.e. directors’ responsibility) nor in the scope of the statutory auditors’ report.

Furthermore, this law requires listed companies to implement a Remuneration Committee as from 2011 (already a recommendation of the 2009 Corporate Governance Code), to have shareholders to approving (i) the Remuneration Report, (ii) golden parachutes over 12 months of indemnity, or over 18 months after proposal by the Remuneration Committee (can be subject to Workers’ Council recommendation), and (iii) employment contracts providing a variable remuneration for non-executive directors. It also introduces new rules for the variable remuneration of executives directors, managers and CEOs.

The content of the Corporate Governance Statement to be included in the 2010 directors’ report is similar to the one defined in the 2009 Corporate Governance Code (see 2009 annual report):

• the reference to the 2009 Corporate Governance Code, as well as relevant information on Corporate Governance practices going beyond this Code or legal requirements;
• an explanation of the reasons of non compliance with this Code, if any;
• a description of the main features of the company's internal control and risk management systems for financial reporting [also to be included in the directors’ report on consolidated financial statements];
• the shareholders’ structure at year-end;
• the following specific information that is likely to have an impact in case of take-over bid: (a) the holders of any securities with special control rights, and a description of those rights; (b) any restrictions on voting rights; (c) the rules governing the appointment and replacement of board members and amendments to the articles of association; (d) the powers of board members, and in particular the power to issue or buy back shares;
• a description of the composition and operation of the board and its committees (see also the 2009 Corporate Governance Code for a recommendation on the content of this description).

In addition, the following disclosures are still not legally required ("comply or explain" only) in the directors’ report, but recommended under the 2009 Corporate Governance Code:

• comments on the application of the policy established by the board on conflicts of interest, to the extent not covered by legal provisions;
• information on the main features of the process for evaluating the board, its committees and its individual directors;
• key features of any incentives granted in shares, options or any other right to acquire shares as approved by, or submitted to, the general shareholders' meeting.

The content of the Remuneration Report to be included in the 2011 directors’ report is similar to the one defined in the 2009 Corporate Governance Code (2009 and 2010 annual reports):

• a description of the procedure adopted for (i) developing a remuneration policy and (ii) setting the individual level of remuneration for directors, executive managers and CEOs;
• a statement of the company's remuneration policy for directors, executive managers, and CEOs (e.g. indication of the link between remuneration and performance);
• on an individual basis, the amount of the remuneration and other benefits granted directly or indirectly to non-executive directors;
• if an executive manager or CEO is also a member of the board, information on the amount of remuneration he receives in such capacity;
• if the executive directors and managers and CEOs are eligible for incentives based on performance, a description of the performance criteria and of the method applied to verify their achievement;
• the amount of the remuneration and other benefits granted directly or indirectly to the CEO (or main representatives of executive directors or managers)
• on a global basis, the amount of the remuneration and other benefits granted directly or indirectly to the other members of the executive management;
• for each executive directors and managers and CEOs, specified on an individual basis, the number and key features of shares, options or any other rights to acquire shares, granted, exercised or lapsed;
• individually, for executive directors or managers or CEOs, details of severance pay arrangements in the event of the departure of executive directors or managers, the justification and decision by the board of directors, on a proposal by the remuneration committee, whether the parties are eligible for a severance pay and the basis for calculating it;
• for the executive directors and managers and CEOs, the extent to which the company is entitled to demand reimbursement of variable remuneration granted on the basis of inaccurate financial information.

For more information, please contact Ingrid Loos or Alexis Van Bavel

 
 

Treasury - Weathering the financial storm? 

Treasury risk management and, in particular, the ability to generate funding when required, have been key areas of increasing focus for commercial organisations in recent times. For many Internal Audit functions, developing the specialist skills required to review treasury functions is an increasing challenge as treasury risk management evolves in response to the economic downturn.

Treasury risk management and, in particular the ability to generate funding when required, have been key areas of focus for commercial organisations in recent times. This has brought many organisations’ treasury activities to the forefront of the boardroom agenda.

PwC recently completed a global treasury survey of nearly 600 treasurers across a spectrum of industries and company sizes, which considered treasury’s reaction to the recent financial crisis. The survey shows that many treasurers were prepared, at least in part, for the effects of the crisis. However, few would claim to have been sufficiently prepared in all areas and all have drawn important lessons from the experience.

Rather than highlighting the need for new approaches, the crisis has underlined the importance of bringing established ‘best practice’ to the fore. Treasury functions currently have the opportunity to add value and some  treasurers have weathered the storm better than others. Here we have highlighted some of the key messages from the survey and what this could mean for Internal Audit functions. 

Resourcing 

The survey confirms that the best practice developed in the years prior to the crisis would have provided a solid foundation for dealing with its impact in areas ranging from liquidity and counterparty risk management to the volatility in commodity prices and foreign exchange rates and that the consequences of neglecting the treasury function can be devastating.

However, Treasury functions have traditionally been small, understaffed and under-funded departments.

In spite of the raised profile of treasury   teams and the sharply increased demands placed upon them, only a small proportion of the participants in PwC’s survey have been able to secure the extra resources and investment they need to help ensure the safety, liquidity and profitability of the businesses they serve.

Cash is king, again

‘Cash is king’ has been an enduring mantra. However, it would appear that many practitioners in treasury teams neglected the fundamentals of cash and liquidity management in favour of more exotic activities (including derivatives, structured bonds and merger and acquisition services). This situation has now reversed.

As access to liquidity declined, the proportion of survey participants rating ash management and working capital management as highly important has increased significantly (from 35% pre-crisis to more than 70% during  and after).

Funding and liquidity

Funding and liquidity continues to be the number one challenge for treasurers. Banks are more particular in terms of the organisations they will invest in and are increasingly risk averse, which is reflected in the increased fees charged to organisations – if they are willing to lend at all.

For many years, both businesses and banks have spoken of the importance of their long-term relationships, often based on an understanding that while funding is provided now, other more profitable business will follow.

The crisis tested these relationships to the extreme and in many cases they failed. 56% of treasurers rated bank relationships as highly important pre-crisis compared to 84% during the crisis. Developing an appropriate framework for monitoring the true nature of the bank relationship is essential.

The financial crisis has put treasurers in the hot seat as they strive to sustain liquidity in the face of unprecedented funding constraints and to safeguard the business against heightened credit, counterparty, commodity and foreign exchange risks.

Counterparty risk

A crucial aspect of a bank’s willingness to grant funding is, of course, its own financial strength. While it has long been known that a major bank could collapse, few treasurers believed this was sufficiently likely to lead them to actively monitor the resulting risks.

In the wake of the crisis, the probability of a major bank collapsing is seen as real and the impact of this risk is now better understood. The lesson companies have learned is how devastating this impact can be. More subtly though, treasurers have realised that banking counterparties do not necessarily need to collapse to withdraw funding or other services.

The survey shows that this is one of the areas where best practice has evolved the most as a result of the crisis. 82% of respondents viewed counterparty risk as either a medium or high priority during the crisis and saw this continuing post-crisis.

There has been an increase in sophistication in how credit risk is monitored and has evolved from reliance on credit ratings (which many now believe are too slow in reacting to changes) to also looking at more real-time indicators such as credit default swap spreads, equity prices and bond yields.

Shift from standardised to active financial risk management

Most organisations have a formal treasury policy with defined limits and parameters, which are used as the reference point for driving treasury activities. A standardised, mechanical hedging approach may prove insufficient in highly volatile or illiquid markets.

Rather than stand alone hedging, participants see working with the business    to manage risk more effectively as their main opportunity to add value over the next five years.

However, providing frontline teams with more advice and support is likely to require additional investment, both directly in analytical systems and the people to run them and in the automation needed to improve process efficiency and hence free up more time to work with the business.

There is a strong belief that investment in the tools and technology needed to support these activities will be critical in enabling treasury to prepare for future crises.

Training of Internal Audit departments on leading edge treasury practices should be considered.

Challenges for Internal Audit 

As highlighted above, there are opportunities as well as risks arising from the financial crisis and both should be considered as part of Internal Audit’s remit. This may require changes to the Internal Audit approach and focus on different angles.

Training of Internal Audit departments on leading edge treasury practices should be considered in order that adequate challenge can be provided against current best practice processes to evaluate areas of value leakage.

What is clear is that limiting testing to compliance with old treasury policies will no longer be appropriate if reviews are to be as effective as possible. Indeed, challenge of the ongoing effectiveness of the existing treasury policy may be the starting point.

For more information, please contact Damien Mc Mahon

 

Bribery - Act now or pay later 

The UK Bribery Act also affects non-UK companies doing business in the UK.

With severe penalties for “failure to prevent”, this board-level issue presents some real challenges for Internal Audit functions around how to assess both design and operating effectiveness and ensure the organisation has “adequate procedures” in place to defend its position should a bribery offence occur.

A recent development in the anti-corruption regulatory environment is the enactment on 8 April 2010 of the Bribery Act 2010 in the United Kingdom. Although it is UK legislation, the Bribery Act may have serious implications for European companies. Of particular note is that companies incorporated elsewhere and carrying on “a business, or part of a business” in the UK can be found guilty of the offence of failure to prevent bribery in the absence of what is referred to in the Act as "adequate procedures". This offence is designed to make companies responsible for bribery committed on their behalf by amongst others, its employees, agents or subsidiaries. This is a familiar concept also found in the US Foreign Corrupt Practices Act. A defence is available if it can be shown by the company that ''adequate procedures'' designed to prevent bribery were in place. These procedures will therefore need to be evidenced.

The Serious Fraud Office has indicated that it will use the “failure to prevent” charge as its weapon of choice. Sanctions include unlimited fines for companies and imprisonment of up to 10 years for individuals. In addition, they may be debarred from tendering for UK government contracts. But the reputational damage, professional fees and management costs of defending a bribery investigation could be even more significant for any company concerned.

Implementation of “adequate procedures”is key

A charge of failure to prevent bribery may be defended on grounds that the commercial organisation had “adequate procedures” in place at the time of the bribery offence. Accordingly, having adequate procedures in place will be critical in protecting  organisations, both by mitigating the risk of bribery occurring in the first place, and by helping to limit the damage if it occurs. This is not just about having good policies and delivering staff training (although these are important).

Implementation is key, and may involve a wide range of elements, including changing cultures, behaviours and processes, design and operation of preventive and detective controls, appropriate monitoring, audit and enforcement, alignment of employee sanctions and reward mechanisms, amongst others. Implementing an effective anti-bribery programme can be a significant  undertaking. It may also represent the best insurance policy a company will ever buy. And the time to ac now.

Anti-bribery programmes must get board level support

This should be a board level priority and many CEOs and audit committees are already somewhat up to speed as the Bribery Bill was well publicised. However, based on PwC reviews undertaken at some of the largest European companies, we estimate that only a small minority have what are likely to be deemed “adequate procedures” in place.

 A key starting point before an effective anti-bribery programme can be implemented is  a robust and comprehensive bribery risk assessment. Companies should undertake such a risk assessment as a precursor to an evaluation of the effectiveness of existing programmes and controls. Building on the risk assessment, companies should then carry out an honest evaluation of their existing anti-bribery programmes, identify any gaps and plan to remedy them as a matter of some urgency.

An Anti-Bribery Policy does not equal an Anti-Bribery Compliance Programme capable of evidencing ongoing and up to date controls and messaging around anti-bribery in support of a strong ethical culture/tone from the top. Any regulatory investigation into alleged bribery offences will look for evidence of the anti-bribery programme working in practice if a company wants protection from prosecution under the “adequate procedures” defence.

The challenge for Internal Audit

The Act presents some real challenges for Internal Audit functions around how to assess both design and operating effectiveness. Heads of Internal Audit in some organisations are being asked to take on either interim or permanent compliance responsibilities, raising questions about    self review threats. There will also be challenges around the training for Internal Audit teams that may lack experience and    in the assessment of softer aspects of an anti-bribery programme.

For more information please contact Rudy Hoskens

 

Public Sector - Maximising Internal Audit value in times of uncertainty 

With much of the burden for risk and control in the public sector residing with Internal Audit and Finance departments, Internal Audit should be more focused on those activities that will add more value to the organisation. By helping public sector management to embed a controls-conscious culture, and an aligned integrated risk and control framework, Internal Audit should be allowed to focus more on improving efficiency and identifying cost savings.

A key issue for the public sector is that all  too often much of the burden for addressing compliance and control safeguards falls on the Finance and Internal Audit community, with little, if any, time available  for value adding activities.

Aligning risk and control activity

Internal Audit should not take responsibility for acting as the first line of defence. Overall responsibility for risk management and control belongs in the hands of executive management, who need to be satisfied that it has the necessary tools in place to manage risks effectively.

Within the public sector, compliance and control activities are often seen as a burden, to budgets and management time, and associated with unnecessary cost and inefficiency. However, implemented and working effectively, internal controls embedded into every day processes should improve information reliability, decision making and operational performance. This is even more critical in times of cost reduction.

Internal Audit can help create a more comprehensive and understandable framework to assess, address and monitor organisational risks. By drawing more on the experience of best in class models, Internal Audit  should be able to help with:

• Better understanding the risks being faced by the organisation
• Ensuring management implement  appropriate compliance and control frameworks to address those risks
• Co-ordinating and integrating risk and control processes across the organisation
• Supporting integrated risk reporting to both senior management and board committees.

Thereafter, Internal Audit needs to bring risk and control skills to the front line to:

• Make those responsible for operating the day-to-day processes more control aware
• Equip fellow managers who do not have a control and risk background
• Proactively coach and encourage staff across the organisation to build a culture of compliance through risk and control consciousness.

Change programmes 

The public sector is likely to experience significant levels of operational and systems change in the coming years. Transformational actions will be essential as the public sector tackles the issue of fiscal consolidation. As new operations, systems and processes tend to drive the majority of control failures, so Internal Audit has a key role to play in ensuring that executive management implements change programmes effectively. Internal Audit could and should equip those responsible for directing change  programmes with appropriate risk management skills. For example, Internal Audit could challenge whether:

• A programme has clear goals with articulated benefits
• The information upon which decisions are being made is accurate
• Those running the programme have considered different ways of achieving  their goals
• The representatives on stakeholder and governance boards are experts in different facets of the project, and not merely interested in a successful outcome.

Improving efficiency and cost savings

Given the current environment, many Internal Audit functions will need to identify ways to increase efficiencies and save costs, both within their own teams and across their organisation. Although Internal Audit is more traditionally involved in assisting with identifying and rectifying control breakdowns, it could also act more proactively to help avoid such pitfalls arising in the first place.

Whilst reviewing processes and controls, Internal Audit can consider whether the same level of control can be achieved in a more efficient/cost-effective way, and whether there are any controls and processes in place that can be removed as they really do not add any value to the organisation. Analytic and forensic reviews can be an ideal way to identify cost savings, including areas such as duplicate payment reviews, contract compliance reviews, travel and expense policy compliance, etc.

Within Internal Audit departments, improved efficiency can often be achieved with the increased use of technology, or by employing a risk-based methodology approach to reduce the time spent on non-key areas.

Improving the soft skills of Internal Audit staff is essential, especially at senior levels, as the most effective Internal Audit professionals will be those that communicate well, engage meaningfully with their organisations, provide strategic insight and can proactively suggest relevant solutions (and not just highlight problems). Internal Audit thus needs to develop more facilitative consulting and business partnering skills, as it is those same advisory, consulting and communicating skills that will let Internal Audit operate at the top of the organisation as a genuine business partner (whilst still retaining appropriate independence).

Put simply, with 25-40% cost reductions anticipated over the next five years, there is an opportunity for Internal Audit to identify efficiency and cost savings and monitor associated change programmes, but Internal Audit must also ensure controls are built in to re-engineered, streamlined processes to ensure operational risks are managed as costs are reduced.

To read about further issues of debate within the government and public sector, please visit: www.psrc.pwc.com  or contact Serge Loumaye or Johan Ravijts.

Internal Audit functions will need to identify ways to improve efficiencies and save costs, both within their own teams and across their organisation.
 

Global Survey - Responding to changing priorities 

We would like to thank those of you who participated in PwC’s Global Internal Audit Survey. We have highlighted some of the key results in this survey article, but would encourage you to read the full publication. In general, the results support the notion that Internal Audit functions have effected significant change and that they have the right priorities, but that there are still  performance gaps in achieving the key attributes of high-performing Internal Audit functions.

Involving more than 2,000 participants from 55 countries, PwC’s “2010 State of the Internal Audit Profession Study” concluded that, to remain relevant and meet stakeholder demands, Internal Audit must evolve to an enhanced state that provides business leaders with actionable business risk intelligence. The key question the survey addresses is whether Internal Audit is delivering against changing priorities.

Improving relevance

Companies are keen to improve performance when it comes to monitoring and managing the risks that matter – the make-or-break risks that can spell fortune or failure for even the most powerful organisations. Business leaders must understand the events and shortcomings that drive risk, the effects risks may have on their organisation’s strategies and objectives, and the capabilities required to manage and mitigate the key risks.

Based on our survey results, it is clear that Internal Audit functions want to assist their management boards in this area, although practices vary widely. There is also a lack of a well-proven path and clear direction from management or directors on what the output and outcomes should be.

However, most organisations acknowledge that an Internal Audit function positioned to see across the entire organisation has the necessary vantage point to achieve meaningful change by acting as a catalyst for identifying and mitigating risk.

With regard to the profession’s current view on its changing priorities, the survey points to a number of areas of increasing focus in the audit plan over the next three years. For example, 91% of respondents said they plan to increase focus on the management of risk; 78% on regulatory and compliance, 78% on emerging risks; and a healthy 69% on strategic initiatives. Similarly high percentages plan to increase focus on information technology risks (83%) and operational risks (81%).

At the same time, perhaps somewhat surprisingly, 67% of respondents plan to increase focus on financial controls. Furthermore, 48% of all respondents plan to focus more on identifying cost savings or revenue enhancement.

Keeping pace with demand?

Given the expansion of scope and drive to deliver more value, the real challenge for many Internal Audit functions is characterised by budgeted headcount shortages (37% of respondents have vacant Internal Audit positions).

The survey also indicates that changing capabilities and skill sets are emerging.  68% of respondents ranked critical thinking and analysis as the most desirable capability for staff over the next three years, closely followed by knowledge of risk management approaches (67%), communication skills (63%), understanding the organisation’s strategy (61%) and specific technology experience (60%).

On the issue of filling identified skills gaps, 58% of respondents said that significant use of training for in-house staff would solve the problem.

However, with increasing focus expected in many areas, there appears to be little corresponding decline in other activities. Most functions will therefore be hard-pressed to meet growing expectations without radical change.

Attributes of high performance

When questioned about the attributes of high performing Internal Audit functions, by scoring a set of pre-defined attributes out of 10 for importance and current performance, the results point to a consistent acknowledgement that a focus on critical risks and issues, and aligning Internal Audit’s value proposition with stakeholder expectations, are ranked as the most important attributes, but also the areas of current performance where there is the greatest gap or room for improvement.

Two attributes were identified where the current performance exceeded the importance score of the attribute – these related to a cost-effective delivery approach and client service culture.

Driving efficiencies and saving costs

Many Internal Audit functions are employing, or plan to employ, various tactics to increase efficiencies. The survey data points to the use of technology being the number one efficiency initiative when looking ahead, yet in practice that has been hard to achieve (largely due to a lack of available skills), and even harder to clearly demonstrate (55% of global participants were either unable to calculate a benefit, or had seen no benefit from previous technology deployments).

Moves to improve efficiency: 69% of respondents already employing a risk-based approach to reduce the time spent on non-key areas, 69% of respondents are standardising audit procedures, and 58% are performing an  end-to-end examination of the audit process.

When it comes to organisation cost-cutting initiatives, only 37% of respondents reported that company-wide layoffs included Internal Audit. This may be because many functions are already operating below their budgeted headcount as they struggle to recruit quality staff.

Raising the bar 

As Internal Audit confronts new and continually changing needs and expectations, PwC believes the function must take a more radical approach to change than it has in the past. It must seize the initiative to redefine its role, and rethink the way it works.

The survey introduces the concept of "Internal Audit 2.0" to start organisations thinking about dramatic change. That  means expanding its skill sets and preparing to take a leadership role as a  more powerful resource for senior executives and the board in aligning  strategy with risk identification, control and mitigation.

The survey describes the following key areas Internal Auditors should focus on improving to achieve the vision of “Internal Audit 2.0”:

• Supporting corporate governance processes
• Continuing to elevate risk assessment
• Integrating further with non-financial risk and compliance functions
• Enhancing audit scope towards more value
• Closing the skills gap
• Responding to ongoing cost pressures
• Using technology more productively.

The 2010 survey data supports the notion that Internal Audit functions have made significant change and that they have the right priorities, but that there is still a critical performance gap in achieving the key attributes of high-performing Internal Audit functions.

As Internal Audit confronts new needs and expectations, it must take the initiative to redefine its role, expand its skill sets, and prepare to take the lead in meeting the challenges of today’s ever-changing business environment.

For more information, please contact Marc Daelman

 
 

Internal audit roundtable meetings

You are all invited to participate and share your views and experience during our internal audit round tables.

Lunch sessions are held in our Brussels office, where the topics will be introduced and there will be opportunity for discussion with your peers and with us.

• Internal audit roundtables for non Financial Services industries
• Internal audit roundtables for Financial Services industries

We very much hope that you will find this edition of interest.

Should you wish to discuss further any of the topics covered, or if we can help you in any way with the development and delivery of Internal Audit Services, please contact me or the PwC contact most relevant to your industry or concern.  Please also continue to share with us your views on “Internal Audit In Brief” and suggestions on how we can maximise its value to you going forward.

Best Regards,

Marc Daelman
Internal Audit Services Leader
marc.daelman@pwc.be
+32 2 710 7159

• Latest internal audit Newsalert
• Archives