Twitter Facebook LinkedIn Flipboard 0 Earlier this year, PwC reported (in their 2013 State of the Internal Audit Profession) a significant gap between the expectations of the board and the performance of the internal auditing activity. Now, the software firm of Thomson Reuters Accelus has released their own State of Internal Audit 2013 that may explain why. According to Thomson Reuters, the #1 area to which internal auditors are devoting their attention – and expect to continue to focus in the future – is “assurance on internal control processes”. Assurance on the effectiveness of either risk or governance processes barely merits a blip on the radar, according to their report. Now unless Thomson Reuters has a major flaw in their survey, this seems to say there is a major flaw in the priorities of internal audit departments across the globe. While IIA Standards and modern practices dictate that internal audit should “evaluate and improve the effectiveness of risk management, control and governance processes”, CAEs are satisfied with only providing assurance on internal control and boards are failing to demand that their CAEs step up. It is not enough to answer surveys and show dissatisfaction. Boards need to act and demand more. When CAEs fail but don’t change, that is a failure of the board. Let’s take the challenge to the next level…. Risk is the effect of uncertainty on objectives (per both COSO and ISO). So, let’s not just report that the level of risk is or is not higher than desirable. Let’s let the board and management know which objectives are at greater risk. Sometimes, they need to change their objectives! I welcome your comments: Do you agree it is well past time to stop providing assurance on internal controls and start providing assurance on the effectiveness of the organization’s processes for managing the risks to objectives? Do you agree that internal audit should start being specific about which objectives are affected instead of making the board and top management guess by only reporting on risk? Twitter Tweet Facebook Share Email This article originally appeared on Innovation and has been republished with permission.Find out how to syndicate your content with B2C Author: Norman Marks Follow @normanmarks Norman Marks, CPA, CRMA is an evangelist for “better run business”, focusing on corporate governance, risk management, internal audit, enterprise performance, and the value of information. He is also a mentor to individuals and organizations around the world. Norman was the chief audit executive of major global corporations for twenty… View full profile ›More by this author:A Call For Internal Audit ChangeGuidance for Directors on Disruptive ChangeRisk Management Challenge – The Answer