Disappointed by the PwC State of the Internal Audit Profession 2011
Over the years, PwC has provided visionary insights into not only the current state of internal audit, but where it needs to be going.
The best of these was published in 2007, Internal Audit 2012. The key message was “Internal audit leaders must adopt risk-centric mindsets if they want to remain key players in assurance and risk management”. I believe that message remains the key for internal audit functions today.
If you haven’t read this seminal document, DO IT NOW!
But, PwC has not retained (IMHO) the momentum – or the quality of their guidance. The latest State of the Internal Audit Profession is a pale imitation of the 2012 report. (I can’t say I understand, because PwC has some fine people in leadership roles).
Rather than continue the pressure for a focus on business risk, and what is important to the organization, the major part of this document is about detail: this risk and that risk.
Frankly, the best quotes are from my very good friend, Joel Kramer:
- “Internal audit must concentrate on inherent and residual high risks and remove low risk, low impact audits off our annual plans. Also, we should remove low-risk, low-impact audit steps from our audit programs.”
- “How to audit is simple, the question is ‘what to audit?’ You have to audit risk. There are four levels—risk that is unique to the process, to the organization, to the industry, and to the environment. Whether you are an eight-person or an eighty-person department, every audit you do should reconcile to one of these risks. Every internal auditor needs to know what can bring the organization to its knees.”
Where are the questions about internal audit providing assurance on enterprise-wide risk management? I can’t see them, can you?
Leave a comment
Norman Marks on Governance, Risk Management, and Internal Audit 
Norman, I was interested to read this article.
Over here in Australia at the moment, the market has shifted slightly with regards to what the market wants from its Internal Audit Function.
Companies, Government Departments, even the Not-For-Profit sector, want more from than Internal Audit function rather than what is now a risk management and assurance process.
The market here is now focused on the strategic direction and position of the entity after the GFC. After three years of putting out spot fire and focusing heavily on risk management, they are now interested on the where to from here.
The common theme that is popping up in client meetings is the client wants the delivery of Total Business Solutions. They expect that the Auditor whilst independent of the processes, has a commercial acumen that will nevertheless assist them to manage into the next strategic phase of there business.
The question that needs to be answered, is beyond the risk-centric mindsets what else do we as internal auditor bring to the table that will ensure the companies sustainability and future outlook?
Norman – thanks for your positive comments regarding PwC’s 2012 State of the Internal Audit Profession report. Our study represents a foundational piece of our philosophy, and together with publications such as An Opportunity for Transformation, and Maximizing Internal Audit, they are the vehicles through which we strive to provide tactical ideas and guidance for companies seeking to implement a risk centric approach to management. In this year’s report, we expanded upon that theme by citing case studies of Fortune 50 internal audit functions that add value to their organizations through strategic initiatives to mitigate risk.
Very good post, I was really searching for this topic, as I wanted this topic to understand completely and it is also very rare in internet, that is why it was very difficult to understand.
Thank you for sharing this.
regards:
ISO 9001