This article follows my recent publication which highlighted the key findings from PwC’s ‘State of the Internal Audit Profession’ survey published in March 2015. In this article, I have highlighted the key findings from the survey related to companies in the financial services industry.
The results of the survey show that the critical issues facing financial institutions today are affecting their entire business. Particularly, the industry continues to face regulatory reform and rapidly growing regulatory demands and expectations, combined with pressures to implement cost-effective technologies, acquire talent, deal with changing customer behaviours.
Meet increasing demands from stakeholders are forcing financial institutions to rethink business strategies, which inherently introduces new risks.
Transformation and risks
The volatile business environment in which financial services companies operate in today is prompting them to transform their operations. Transformation comes hand in hand with new risks. The survey showed that 70 per cent of financial services participants believe risks to their companies are increasing either significantly or moderately, and only three per cent said risks were decreasing.
More than 360 chief audit executives (CAEs), senior management, and board members who participated in the survey revealed that stakeholder expectations of internal audit performance are rising as financial services institutions react to increased regulatory scrutiny and pressure.
As expectations and the demands on internal audit functions rise, the bar for defining “significant value” also rises, forcing internal audit functions to elevate their performance in order to remain relevant to their organisations.
The majority of financial services survey respondents report they have not reached that level of value. When asked to define the contribution their internal audit functions are providing, the majority said their internal audit departments were either delivering objective assurance on the effectiveness of internal controls (28 per cent) or delivering a combination of objective assurance and problem solving by performing analysis and offering perspective on the root causes of issues (37 per cent).
Just 10 per cent of financial services respondents identified their internal audit function as being a trusted advisor, providing value-added services and proactive strategic advice for the business well beyond the execution of the audit plan.
Future of internal audit
In line with companies’ heightened expectations, stakeholders and CAEs alike expect internal audit to evolve to be a proactive contributor to business initiatives.
Within the next five years, the majority of financial services stakeholders and CAEs (54 per cent) expect internal audit to move up the value spectrum and become a Trusted Advisor.
To add significant value and become a trusted advisor, an internal audit department must look beyond effective and efficient execution of the audit plan in order to incorporate other value-added services, including providing strategic advice.
The study also shows that among internal audit functions adding significant value, 92 per cent said their companies’ risk management programme was fully aligned with internal audit. Eighty-one per cent of respondents agree with the statement, “We do our best to determine all the risks associated with our growth strategy, and we focus our efforts on mitigating risks once we’ve put our plans into action.”
In an environment in which financial services companies are pressured to evolve on many fronts, internal audit functions must evolve as well and raise the bar on the levels of performance and value they deliver for their organisations.
IA strategic plan
To make the journey, CAEs and other stakeholders must begin to assess how and where internal audit should be contributing, with a vision that challenges the status quo and pushes internal audit to think beyond standard objectives and deliverables.
That vision comes to life by way of an internal audit strategic plan which charts a path to where the function should move, not constrained by current limitations.
This new vision almost always begins with a mind-set shift. Such a plan will include a focus on the right risk at the right time, intentional and proactive talent development, alignment with other lines of defence, and the use of data throughout the internal audit life cycle.
It is important for internal audit to have a strategic plan to complement the audit plan. This plan must focus on what internal audit needs to do to continue to evolve, improve and deliver value.
I believe that management and audit committee support is imperative if internal audit is to raise its performance and value. Such support will be achieved if internal audit performs well across the identified focus areas.
Internal audit needs to be forward-thinking and risk focused, demonstrate understanding of the business through a diverse team of professionals and align with the organisational risk management framework.
Thus, progressing in those high-priority areas is fundamental to internal audit remaining a valuable contributor to the business and keeping pace with the rapidly changing business environment.