How sophisticated is your internal audit function?

How sophisticated is your internal audit function?Internal audit is a crucial part of the corporate governance function, and departments continue to tackle the growing challenges of increased regulation, higher stakeholder expectations and emerging risks.


The ability to objectively evaluate the maturity of internal audit processes is important, as it enables businesses to gauge current performance and make adjustments to optimise processes. But do you know how sophisticated your internal audit department is?


A recent report from the Chartered Institute of Internal Auditors Research Foundation (IIARF) highlighted key areas of the function that businesses must assess to ensure they have sophisticated processes in place.


The study, released as part of the Global Internal Audit Common Body of Knowledge (CBOK) project, surveyed more than 2,500 chief audit executives (CAEs) worldwide to ascertain the most important elements of the profession.


Here are some of the ways to gauge performance within internal audit.

1. Strategic alignment

Alignment between internal audit and the organisation’s strategic plan is important, as it shows corporate governance can work closely and profitably with the business.


Of those polled, 19 per cent of CAEs claimed their internal audit department was fully aligned, while 36 and 34 per cent said they were ‘almost fully aligned’ and ‘somewhat aligned’ respectively.

2. Background of internal audit staff

The report said internal audit departments that contain professionals with varied backgrounds showcase maturity. An equal mix of traditional auditing skills and industry knowledge is preferable, with Europe and the Middle East & Africa having the highest percentage of firms with the right balance at 62 per cent each.


According to the results, the older the department, the more likely it is to have an equal mix of traditional skills and industry knowledge.

3. Risk assessment capabilities

The IIARF said comprehensive risk assessment, compared with focused risk assessment, is key for modern internal audit departments. The two terms relate to the way in which data is collected; ‘comprehensive’ means various risks are considered holistically, while ‘focused’ methodologies concentrate on different risks one at a time.


The report showed 71 per cent of internal audit departments currently employ comprehensive risk assessment, with the Middle East & North Africa topping the list at 80 per cent.

4. Documentation and monitoring processes

Clear, transparent and documented operating procedures are a sign of departmental sophistication, although only 54 per cent of global firms confirmed their processes were written in an internal audit manual and monitored.


In fact, 17 per cent of businesses claimed their auditing was ad-hoc and not documented, while 29 per cent said procedures were documented but weren’t monitored.

5. Technology adoption

The evolution of technology has brought significant benefits to corporate governance departments, and the best firms use the latest innovations to drive their internal audit processes.


Only 39 per cent of companies currently report supporting the internal audit function with the appropriate technology, while 23 per cent rely only on manual procedures and systems. Organisations in North America and South Asia are the most tech-savvy when it comes to implementing new tech.

6. Quality assurance and improvement program (QAIP)

The IIARF noted that QAIPs are a good indicator of mature internal audit departments, with approximately one third of CAEs reporting their business had an initiative in place.


Almost all respondents agreed that a scheme to ensure the ongoing improvement of approaches, methodologies and tools used among auditors is necessary for high-quality services.

7. Audit planning

Risk assessment parameters often change rapidly along with business conditions, and internal audit departments must keep up. This requires regular reassessments and updates.


Nearly 60 per cent of businesses perform an annual risk assessment with periodic formal updates, while 23 per cent are continuously evaluating risk inputs to better tailor strategies.


As we can see, the survey provides a number of insights into how CAEs value the sophistication of their internal audit functions. How does your department score across these factors?


If you’d like to strengthen your internal audit function, please get in touch with a representative today to discuss your recruitment needs.


Our Market Reports combine our review of the prevailing conditions in the internal audit recruitment market together with the results of our latest employer survey.


Image: utah778 via iStockADNFCR-1684-ID-801826214-ADNFCR