Home > News > Technology > Thomson Reuters Finds Increased Internal Audit Burden
Technology

Thomson Reuters Finds Increased Internal Audit Burden

Internal audit practitioners are bearing the brunt of a quickly changing regulatory landscape, particularly in financial services, according to a new survey by Thomson Reuters.
By Wicy Wang(2147484160)
Internal audit practitioners are bearing the brunt of a quickly changing regulatory landscape, particularly in financial services, according to a new survey by Thomson Reuters. While 26% of organizations chose fraud and corruption as one of their top three areas for time and resources (compared to 16% last year), 50% of auditors thought that the risk management tools they currently used either provided them with no satisfaction or left them very dissatisfied when used to conduct risk assessments.

The survey included more than 1,100 internal audit practitioners worldwide, and represented a wide variety of industries including financial services, manufacturing, government, energy and other highly-regulated industries.

While more firms are dedicating resources to fraud and corruption, less time is being on other areas such as IT security and risk, which dropped to 42% to 54% last year. Resource constraints mean that some priorities are not being met. Strategic level risk management came near the bottom of internal auditors’ top three concerns (9%), while 36% said the activity should be on of the top three.

Other key findings addressed reporting and internal communication; 61% of audit committees reported to the board on a quarterly basis whilst 12% weren’t sure how often they reported to the board and only 2% reported on an annual basis. Meanwhile, the number of internal auditors who spoke to the compliance function on a weekly basis fell by 7% from 2012. One of the top three areas that internal auditors believe they will spend more time on in the coming year includes reporting to senior management.

The poor evaluations of risk management could be attributed to the use of inappropriate risk management tools, such as well-established IT packages that are core to a company’s corporate culture, instead of bespoke IT audit packages which will require staff training. The interaction of internal audit with risk management functions was also found to be in decline, with just 18% interacting on a weekly basis from 32% last year.

«