Recent Survey Unveils Internal Audit’s Expanding Role in Risk Management

Recent Survey Unveils Internal Audit’s Expanding Role in Risk Management

By

Organizations today are increasingly turning to their internal audit teams to bridge the widening gap between risk demands and risk management capacity. A recent survey conducted by AuditBoard sheds light on this shift, revealing that the role of internal audit is expanding significantly as companies seek to bolster their resilience against emerging threats.

The 2024 survey, which polled 150 Chief Audit Executives (CAEs) and internal audit leaders, highlights a growing expectation for internal audit teams to play a more integral role in risk management. According to the findings, 55% of Chief Financial Officers (CFOs) and 50% of audit committees and boards are calling for internal audit to take on additional responsibilities in this area. Notably, when asked about their future priorities, CAEs ranked integrated risk management as the top area where they anticipate expanded engagement.

This shift is not without its challenges. Traditional audit and Sarbanes-Oxley (SOX) compliance work continue to dominate the capacity of internal audit teams, raising the question of how organizations can effectively enhance their risk management capabilities without overburdening their audit functions.

Enter the concept of connected risk – a modern, cross-functional approach to managing risk across the enterprise. Connected risk aims to unify teams, streamline data sharing, and automate processes, offering a more holistic view of the organization’s risk profile.

AuditBoard’s report, titled "Internal Audit’s Expanding Role: The Foundation for Connected Risk," provides a comprehensive blueprint for internal audit teams looking to embrace this approach. The report outlines several key strategies and actionable insights designed to optimize internal audit activities and align them more closely with broader risk management goals.

Insights from the Report:

  1. Benchmarking Time Allocation: The report offers a valuable benchmark for internal audit teams, allowing them to compare their time allocation with that of organizations of similar size. This comparison can help identify areas where time could be better spent to enhance risk management efforts.
  2. Focus Areas for Expansion: The survey identifies two key areas where CAEs aim to expand their efforts by 2026: integrated risk management and increased collaboration with other risk-related functions. The report provides strategies for how internal audit teams can begin to shift their focus toward these priorities.
  3. Optimizing SOX Compliance: Reducing the time spent on SOX compliance is another critical area addressed in the report. By adopting connected risk practices, internal audit teams can streamline their SOX activities, freeing up capacity for other risk management initiatives.
  4. Four Cornerstone Projects: The report outlines four foundational projects that internal audit teams can undertake to build the foundation for connected risk. These projects are designed to help teams gradually transition to a more integrated and coordinated approach to risk management.
  5. Quick Wins for Buy-In: Gaining organizational buy-in is often a hurdle when implementing new risk management strategies. The report offers five quick wins that internal audit teams can achieve to demonstrate the value of connected risk and secure the support needed for broader implementation.

As organizations continue to navigate an increasingly complex risk environment, the role of internal audit is becoming more crucial than ever. By embracing the principles of connected risk, internal audit teams can not only enhance their own effectiveness but also contribute to a more resilient and risk-aware organization.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.