Quarter of organisations facing risk assurance struggles
Economic challenges, technological innovations and volatile global politics mean it’s more important than ever for decision-makers to be as informed as possible about potential risks facing their organisation. However, worrying new research shows that many organisations – across both the public and private sectors – are falling well short when it comes to risk assurance.
Carried out by the Chartered Institute of Internal Auditors (CIIA), the study found that one in four businesses and public sector bodies assessed in benchmarking reviews over the past year struggled to conform to the international standards established by the Global Institute of Internal Auditors. Failure to meet these guidelines is preventing boards from getting sufficient insight into the effectiveness of risk assurance processes in place at their organisation, hampering their ability to make accurate and effective decisions.
The role of internal audit in risk planning
As the CIIA notes, internal auditors have a key part to play in assuring that organisations as adequately prepared to deal with any risks that may arise. Their role should revolve around providing independent guarantees on the effective operation of risk management, governance and internal control processes, but the research discovered that this is often not the case.
The report highlighted a number of areas in need of improvement. These include:
- Giving a view on risk controls at an earlier point in their implementation
- Properly targeting resources towards areas of greatest risk through the development of quality assurance plans
- Introducing both qualitative and quantitative measures to determine the effectiveness of risk control measures
- Communicating better with the board on the internal audit team’s approach
Improvements in risk assurance have already been made
While the CIIA warns that there are still steps to be taken in order to guarantee that risk assurance standards are being achieved, it insists that significant progress has already been made.
Chief executive Dr Ian Peters said many companies had made “substantial improvements” in this area over recent years, having been spurred on by the financial crisis to pay more attention to governance, risk management and control.
However, he stressed that the remaining quarter of organisations that are falling short of the international audit standards must give serious consideration to how they can make their internal audit team fit for purpose.
“It’s critical that internal audit gets the support right from the top of the organisation which it needs to do its job effectively,” Dr Peters explained.
“The insight gained through our benchmarking research should provide a vital tool in helping businesses and other bodies to identify areas for improvement and devise action plans to raise performance.”
The importance of flexibility and efficiency in risk assurance
For the majority of businesses and public sector bodies, the benefits of effective risk assurance are already being felt.
However, others are still struggling to deploy their resources as well as they possibly could, which affects their ability to concentrate on the most significant risks. To be truly effective and be prepared to tackle risks when they arise, internal audit departments must operate in a flexible and efficient manner.
“Organisations can’t afford to rest on their laurels,” Dr Peters commented. “Increasingly the challenge is not about delivering basic levels of risk assurance, but about ensuring that internal audit’s work is constantly evolving and improving as the needs of the business and the expectations of regulators, investors and other stakeholders change.”
Our 2015 Mid-Year Report combines a review of the prevailing conditions in the internal audit recruitment market with the results of a comprehensive compensation survey, covering both permanent and contract internal and computer auditors.