A global survey of 800 internal audit chiefs has revealed that the pressures of regulatory compliance have compromised their ability to complete thorough audits.
The research – whose respondents were from North America ( 51%), Europe (17%), Latin America (15%), Asia-Pacific (9%), the Middle East (8%) and Africa (55%) - produced by business analysis firm ACL Services, highlighted the need for companies to continuously monitor their internal controls.
Amidst compliance deadlines, key managers were pulled in from various parts of companies to work on meeting the deadlines, causing monitoring of other areas of business to be neglected.
The survey of companies, with revenues ranging from $500m (£261m) to over
$10bn, revealed that:
•One in five audit executives felt their department’s independence was
compromised by their involvement in compliance programs
•A total of 36% of organisations have adopted a continuous auditing approach
across either all or within select business processes
•39% plan to implement continuous auditing in the near future
•A shortage of skilled internal audit staff was identified as the most critical
challenge to fulfilling the internal audit mandate (68 percent)
•Other major global challenges identified were the complexity of the IT
environment (65%) and the lack of ownership for controls and related risk (62
percent)
President and CEO of ACL Services Harald Will, said a major concern was that the independence of internal audit was especially compromised by the manual effort of compliance.
'Many felt technology could be applied to overcome this, but the challenge of the shortage of skilled staff also came up.
'Whether it was a Sarbanes-Oxley deadline or something else, there is panic as the deadline looms. Staff are pulled in from other parts and then rush to complete filing and attempt to return to business as usual.
'For this reason organizations are moving towards more automated processes, which continuously monitor transactions, and easily flag anomalies and notify breaches,' said Will.
The Institute of Internal Auditors president, Dave Richards, said compliance can be a time-consuming distraction of internal audit in its day-today responsibilities.
'If this prevents the internal auditors from completing the audit plan, it leaves companies wide open to a vast array of other risks that should be assessed and monitored. Software that automates the testing of internal controls to help meet compliance requirements can be a useful tool in balancing the scope of internal audit work,' said Richards.
Further reading:
Comments