IT Risk, IFRS Transition: Internal Auditors' Biggest Concerns

Gaining a better understanding of IT risk, International Financial Reporting Standards (IFRS) and extensible business reporting language (XBRL) top the ‘to do’ list for internal audit executives this year, according to the 2009 Internal Audit Capabilities and Needs Survey conducted by Protiviti, a business consulting and internal audit firm. The survey report also shows ISO 27000 (information security) rounding out the top five concerns list, but indicates that internal auditors are becoming more comfortable with the data security and privacy measures companies are implementing.

“In today’s volatile business environment, internal auditors play a critical role in guarding against the breakdowns, losses and inefficiencies their companies just can’t afford,” said Bob Hirth, executive vice president of Global Internal Audit at Protiviti. “You can see the impact of this economic cycle reflected in the way internal auditors answered this year’s survey; there’s a real shift in their view of risk and how it’s managed compared to years past.”

This is Protiviti’s third Internal Audit Capabilities and Needs Survey. The 2009 survey had more than 1,000 participants - chief audit executives, internal audit directors, and managers from publicly traded, private, government, educational and nonprofit organisations - who hailed from virtually every major business sector, including financial services, insurance, real estate, energy, utilities, manufacturing, distribution, healthcare, technology, biotechnology, hospitality, retail and telecommunications. The participants answered 100 questions in three categories: general technical knowledge; audit process knowledge; and personal skills and capabilities.

Additional survey findings include:

• Enterprise Risk Management - most pressing for hospitality and life sciences companies - was among the top-five ’need to improve’ areas in the general technical knowledge category.
• For the first time, four fraud-related activities ranked among the key areas that needed the most improvement, with healthcare organisations expressing the most concern.
• When it comes to personal skills, dealing with confrontation - an area added to the 2009 survey - ranked the second highest ’need to improve’ area, following the development of board of directors and audit committee relationships.

“An internal auditor’s success lies with a commitment to ongoing learning and improvement, along with a deep understanding of the organisation’s needs and how those needs can be met through internal audit,” Hirth added. “As a profession, we must continue to enhance our skills in the areas assessed in this survey and educate ourselves on new technologies and competencies that will be required of us in the months and years to come.”