A recent annual survey on the state of the internal audit profession provides new evidence that internal auditors are looking to redefine their role in how organizations assess and manage their risks.

A study of 2,000 internal auditors in late 2009 revealed assessing risk for the board of directors is among the more common activities performed by internal audit departments, yet there’s plenty of room for more involvement, and at a more strategic level.

Only 20 percent of respondents said their internal audit department helps assess the company’s risk appetite and tolerance, and only 43 percent assess emerging risks. More than half, however, assess the effectiveness of risk mitigation initiatives, and 65 percent assess key enterprise risks.

The most recent PricewaterhouseCoopers study of the profession found internal auditors generally recognize they need to provide business leaders with actionable business risk intelligence, said Brian Brown, principal at PwC and leader of the firm’s internal audit advisory services. The financial crisis exposed weak spots in corporate risk-management practices, so companies are turning to internal auditors for leadership, he said.

Brown said the study suggests internal auditors should focus on three key areas to better meet corporate demands—critical risks and issues, stakeholder expectations, and staffing. “Those priorities are right,” he said. “Those are the areas where internal audit departments are having the biggest gaps.”

Respondents generally said they planned to use more technology and training to beef up staff skills in assessing risk, but Brown said they may be overlooking an important approach in improving internal audit’s perspective on risk. “I think internal auditors need to give more consideration to bringing in people with non-audit business experience,” he said. Internal audit functions would benefit from the insight that might be gained from professionals who have more operational experience in the business, not to mention the credibility that perspective would bring to the internal audit process, he said.

Topics