Tough risk assurance systems still lacking, says IIA report

A QUARTER of organisations are failing to implement robust risk assurance systems, a report from the Chartered Institute of Internal Auditors (IIA) has found.

The report found that 25% of the 40 businesses and public sector bodies assessed by the institute in benchmarking reviews over the past 12 months had experienced difficulty conforming to the international standards set out by the Global Institute of Internal Auditors.

Such an oversight means that boards will not be getting an adequate overview of the effectiveness of their organisation’s risk management processes, the institute stresses.

Ian Peters, the institute’s chief executive, said: “Many companies have seen a substantial improvement in terms of how well their risk assurance systems over the past few years – heightened interest in governance, risk management and control since the financial crisis has helped to raise the profile of internal audit.

“The remaining quarter should now consider how they can raise standards and ensure that their internal audit function is fully fit for purpose. It’s critical that internal audit gets the support right from the top of the organisation which it needs to do its job effectively.”

Areas ripe for improvement include developing qualitative as well as quantitative measures of how effective the organisation’s risk controls are and communicating more effectively with the board about the approach of the internal audit team, the report concludes.

In July, the IIA said its financial services code, which sought to drive and improve the behaviour of internal audit functions for boards, audit committees and regulators, appeared to be harvesting the cultural and governance fruits of its labour, some two years after its launch.

Related reading