Internal audit compromised due to regulatory burdens

A global survey of 800 internal audit chiefs has revealed that the pressures
of regulatory compliance have compromised their ability to complete thorough

The research – whose respondents were from North America ( 51%), Europe
(17%), Latin America (15%), Asia-Pacific (9%), the Middle East (8%) and Africa
(55%) – produced by business analysis firm
, highlighted the need for companies to continuously monitor their
internal controls.

Amidst compliance deadlines, key managers were pulled in from various parts
of companies to work on meeting the deadlines, causing monitoring of other areas
of business to be neglected.

The survey of companies, with revenues ranging from $500m (£261m) to over
$10bn, revealed that:
•One in five audit executives felt their department’s independence was
compromised by their involvement in compliance programs
•A total of 36% of organisations have adopted a continuous auditing approach
across either all or within select business processes
•39% plan to implement continuous auditing in the near future
•A shortage of skilled internal audit staff was identified as the most critical
challenge to fulfilling the internal audit mandate (68 percent)
•Other major global challenges identified were the complexity of the IT
environment (65%) and the lack of ownership for controls and related risk (62

President and CEO of ACL Services Harald Will, said a major concern was that
the independence of internal audit was especially compromised by the manual
effort of compliance.

‘Many felt technology could be applied to overcome this, but the challenge of
the shortage of skilled staff also came up.

‘Whether it was a Sarbanes-Oxley deadline or something else, there is panic
as the deadline looms. Staff are pulled in from other parts and then rush to
complete filing and attempt to return to business as usual.

‘For this reason organizations are moving towards more automated processes,
which continuously monitor transactions, and easily flag anomalies and notify
breaches,’ said Will.

The Institute of Internal Auditors
president, Dave Richards, said compliance can be a time-consuming distraction of
internal audit in its day-today responsibilities.

‘If this prevents the internal auditors from completing the audit plan, it
leaves companies wide open to a vast array of other risks that should be
assessed and monitored. Software that automates the testing of internal controls
to help meet compliance requirements can be a useful tool in balancing the scope
of internal audit work,’ said Richards.

Further reading:

Sarbox resolve flagging

Internal auditors ‘hammering down the boardroom door’

Related reading