Latest study by Protiviti shows more US companies starting to give internal auditors more pro-active role
The trend of internal auditors around the world moving away from providing 'rear-view mirror' services to the companies they work for to ones that involves them earlier in the process of risk management is gaining momentum, according to a recent report by Protiviti.
Internal auditors ‘are increasingly being asked to become more involved in enterprise risk management (ERM) and looking at new applications, processes and emerging risk,’ says Brian Christensen, executive vice president of global internal audit and financial advisory at Protiviti.
The 2015 edition of Protiviti’s report, ‘Internal auditing around the world’ finds that internal auditors are being enlisted to go beyond mere compliance to assist companies in assessing strategic risks such as cyber-security risk and economic uncertainty.
While internal auditors at companies in Europe and the Middle East have been asked to weigh in on their companies’ ERM projects for some time, their counterparts in American companies are now also being asked to do so.
‘Every country has unique expectations and laws and if you are a global player within the marketplace, internal auditors need to be astute as to what those variances might be because what might be prevalent in Europe’s privacy rules could be different in Canada or the US. But countries still need to be responsive to that,’ Christensen says.
Specifically, companies are transitioning internal auditors from a policing role to one of strategic consulting, according to the report -- the eleventh in a series -- which profiles 10 global companies in countries such as Belgium, Australia, the United Arab Emirates, Saudi Arabia, China and the UK.
‘In Europe and the Middle East, there’s more forward-looking involvement of internal auditing around risk and compliance, not just transactional compliance, whereas in the US internal auditors have been consumed with financial statement compliance and Sarbanes-Oxley,” says Christensen.
Asian countries are on the tail end of the trend but appear to be learning quickly. With 200,000 companies that have become members of the Institute for Internal Auditors, China's internal auditing profession is growing at a faster pace than that of any other country in Asia, Christensen says.
Australian companies are among the first to view controls and enterprise risk holistically. ‘Australia has a strong focus on governance and cultural values and companies have been involving internal auditors at an earlier stage of discussion, with boards of directors concerned about assessing risk, reporting it and enhancing [its management] to reduce a company’s risk profile,” says Christensen.
Organizations profiled in the report include AMP, the Australian Taxation Office, Bayer AG, Euroclear SA/NV, JC Penney, Kimberly-Clark, the London Stock Exchange Group and United Overseas Bank.
‘The role of the internal auditor has shifted dramatically during the last several years and it's important to recognize these changes and plan accordingly,’ Christensen says. ‘We share the perspectives of ten companies' internal audit functions on the delicate balancing act of becoming a more strategic partner to the business while not compromising their independence and objectivity.’
