Chief Audit Executives cite skill gaps and lack of impact and influence as key concerns according to new Deloitte research report
- A mere 13 percent of Chief Audit Executives (CAEs) are “very satisfied” that their functions have the skills to meet stakeholder expectations
- Only 28 percent of CAEs believe their Internal Audit functions have strong impact and influence in their organizations
- Increased investment in analytics presents major opportunities to increase efficiency, value and impact of audits
NEW YORK, NY, 18 July 2016 — Chief Audit Executives (CAEs) recognize that Internal Audit groups need to change, but many struggle to act on that understanding according to Deloitte Global’s new report entitled “Evolution or irrelevance? Internal Audit at a crossroads.”
The study of more than 1,200 CAEs in 29 countries and eight industry sectors represents Deloitte’s most comprehensive survey of Internal Audit1 to date. Respondents were asked to comment on their functions’ status, capabilities, activities, roles, and resources currently and over the next three to five years.
Only 28 percent of survey respondents believe that their Internal Audit groups have strong impact and influence in their organizations. In fact, 16 percent believe that their Internal Audit function has little to no impact and influence over the board of directors, executive team, and other key personnel. Yet 64 percent also believe it will be important to have strong impact and influence in their organizations over the next three to five years.
“These findings are concerning and indicate a real need for Internal Audit groups to substantially increase their relevance within their organizations,” said Terry Hatherell, Internal Audit Leader for Deloitte Global. “Internal Audit plays a critical role in effective corporate governance within an organization. The apparent lack of impact and influence is very surprising and represents a very clear call to action for change.”
The study found that more than half of CAEs (57 percent) are not satisfied that their Internal Audit groups have the skills and expertise to deliver on stakeholder expectations for efficient audits, insightful reports, and effective decision-support. Only 13 percent reported being very satisfied with their groups’ skills, citing specialized information technology skills, such as cyber and cloud computing, as the most frequent skill gaps as well as data analytics.
The majority of respondents currently use analytics in fieldwork, but fewer do so in annual planning and audit scoping. Over the next three to five years, 58 percent of respondents expect to be using analytics in at least half of their audits. Thirty-seven percent expect to move to high usage—employing analytics in at least 75 percent of their audits.
The survey revealed not only gaps in the use of analytics but also stakeholders’ expectations for more forward-looking, predictive activities (e.g., risk anticipation) from Internal Audit―the kind of activities enabled by analytics.
“The need to enhance analytics tools and techniques stands out among the most urgent priorities for Internal Audit,” added Neil White, Internal Audit Analytics leader for Deloitte Global. “While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe Internal Audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks.”
Additional report highlights:
- Current use of analytics is largely at basic levels — While 86 percent of respondents use analytics, only 24 percent use them at an intermediate level and 7 percent at an advanced level. Most (66 percent) use basic, ad hoc analytics (e.g. spreadsheets) or no analytics.
- Dynamic reporting is poised to increase — Use of static text documents and presentations to communicate with stakeholders will decrease as usage of dynamic visualization tools are anticipated to increase from 7 percent to 35 percent among respondents. (Visualization tools generate heat maps, bubble charts, interactive graphs, and other easy-to-grasp representations of data.)
- Advisory services will likely expand — More than half of respondents (55 percent) expect the proportion of advisory services they provide to expand over the next three to five years.
- Innovation will drive important developments — CAEs cited risk anticipation (39 percent) and data analytics (34 percent) as the two innovations most likely to impact Internal Audit over the next three to five years.
- Reviews of strategic planning and risk management will likely increase — While about one-third of Internal Audit groups have evaluated their organization’s strategic planning process in the past three years, over half expect to do so in the next three years. In the next three years, 70 percent expect to evaluate their organization’s risk management process, up from 54 percent over the past three years.
- Alternative resourcing will likely expand — Over the next three to five years, the percentage of respondents with formal rotation programs is expected to double. The percentage with guest auditor programs will likely increase by 50 percent, and according to respondents, cosourcing will increase as well.
- Budgets will likely remain stable, which may present challenges — In a time when Internal Audit may need to make significant investments to strengthen its impact and influence, half of CAEs expect their budgets to remain stable, and another third expect them to increase somewhat. Only 10 percent expect budget decreases.
About the report
Deloitte Global’s “Evolution or irrelevance? Internal Audit at a crossroads” report is based on a 2016 survey of more than 1,200 Chief Audit Executives in 29 countries and eight industry sectors. The findings are based on the analysis of this collective data. The full report can be found at www.deloitte.com/globalCAEsurvey.
1Source: According to The Institute of Internal Auditors, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.
Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 225,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.