Corporates could be facing a higher risk of fraud because internal audit is failing to provide the reassurance on risk management that companies need
A survey of largely FTSE100 audit committee chairmen by
PricewaterhouseCoopers has found that, in many cases, not enough reliance is
being placed on internal audit to help them effectively carry out their role.
Many of the respondents questioned the skills and status that their internal
audit functions possess to enable them to play a full role in the risk
assessment process, with large numbers relying more on the track record of
executive management or their external auditors for assurance.
Some questioned the independence of the function, as it often reports to the
‘Internal audit should act as the eyes and ears or in many cases the
conscience of the business,’ said Jennifer Matheson, director for PwC’s internal
audit services. ‘This is not yet happening to the extent that it should.’
She added that, if not addressed, there was potential for greater exposure to
risk, but audit committees had probably prioritised their time effectively so
The survey also found that many were unaware of new Turnbull requirements for
the audit committee to objectively assess the performance of internal audit
annually, and to have an external evaluation every five years.