Business & FinanceStrategy

Internal Audit Has To STOP Focusing On Internal Controls

Disclaimer Please note that we are not authorised to provide any investment advice. The information on this page should be construed for information purposes only. We may earn commissions from the products mentioned on this site.
author imageJay Leonard Last updated:

Earlier this year, PwC reported (in their 2013 State of the Internal Audit Profession) a significant gap between the expectations of the board and the performance of the internal auditing activity.

Now, the software firm of Thomson Reuters Accelus has released their own State of Internal Audit 2013 that may explain why.

Internal Audit Has to STOP Focusing On Internal ControlsAccording to Thomson Reuters, the #1 area to which internal auditors are devoting their attention – and expect to continue to focus in the future – is “assurance on internal control processes”. Assurance on the effectiveness of either risk or governance processes barely merits a blip on the radar, according to their report.

Now unless Thomson Reuters has a major flaw in their survey, this seems to say there is a major flaw in the priorities of internal audit departments across the globe. While IIA Standards and modern practices dictate that internal audit should “evaluate and improve the effectiveness of risk management, control and governance processes”, CAEs are satisfied with only providing assurance on internal control and boards are failing to demand that their CAEs step up.

It is not enough to answer surveys and show dissatisfaction. Boards need to act and demand more. When CAEs fail but don’t change, that is a failure of the board.

Let’s take the challenge to the next level….

  • Risk is the effect of uncertainty on objectives (per both COSO and ISO).
  • So, let’s not just report that the level of risk is or is not higher than desirable.
  • Let’s let the board and management know which objectives are at greater risk. Sometimes, they need to change their objectives!

I welcome your comments:

  • Do you agree it is well past time to stop providing assurance on internal controls and start providing assurance on the effectiveness of the organization’s processes for managing the risks to objectives?
  • Do you agree that internal audit should start being specific about which objectives are affected instead of making the board and top management guess by only reporting on risk?

  This article was written for Business 2 Community by Jay Leonard.
Learn how to publish your content on B2C

Join our Telegram channel to stay up to date on breaking news coverage

author image

Author: Jay Leonard

Jay is a UK-based cryptocurrency expert, specialising in fundamental analysis and medium to long term investments. Jay has a great deal of hands-on experience in analysing financial markets and performing technical analysis. Jay is currently focusing on the institutional adoption of cryptocurrency and what it means for the future of…

View full profile ›

More by this author:

Popular Topics

  Comments on this article are closed.

Get weekly insider business guides & reviews for free

Join our FREE Telegram Group Now!