Study Shows Stakeholders Want More Focus on Risk Identification and Management

While concerns about global economic uncertainty continue to be top of mind for business leaders, other significant issues such as fraud and ethics, mergers and acquisitions, large programs, new product introductions and business continuity are emerging to further complicate business strategies and performance.

In fact, according to the new 2012 PwC State of the Internal Audit Profession study, businesses are asking internal audit to play an increased role in helping companies navigate the rapidly changing risk landscape. To illustrate my point, here are a few key findings from the report:


Data privacy and security is now the single most requested area for increased internal audit. Nearly half (46 percent) of stakeholders participating in this study want added capabilities in this area.


Help with regulations and government policies was the second largest requested area. About one-third (32 percent) want internal audit to become more involved in how their business understands and manages this risk.


PwC found that successful internal audit functions create plans through comprehensive, top-down risk assessments where the entire risk management process is considered. However, almost half (45 percent) of those polled said they do not create their audit plans using this kind of top-down risk assessment approach.


When asked about the most common barriers to internal audit's active involvement in a fully comprehensive risk management function, a majority of survey respondents cited organizational and cultural resistance, followed by a lack of internal audit resources and expertise.


"As the risk landscape continues to evolve, the majority of business leaders surveyed said they are not comfortable with how their risks are being managed, although 74 percent of those surveyed have formal enterprise risk management processes," said Dean Simone, leader of PwC's U.S. Risk Assurance practice. "To deliver what stakeholders want, the standard for an effective internal audit function has been raised and internal audit needs to elevate its performance to meet the always increasing stakeholder expectations. Businesses must evaluate total enterprise risk, coordinate with the internal audit functions and break down organizational barriers to provide a holistic approach to risk management."

A copy of the report, PwC 2012 State of the Internal Audit Profession Study, is available for download here.