PricewaterhouseCoopers released its annual study on the State of the Internal Audit Profession on Thursday. The results reveal that internal auditors should spend more time working to better address operational and business risks rather than assuring others that the risk management systems they have in place are doing their jobs.
Sixty-three percent of survey respondents consider operational risk to be of significant importance to audit committees, suggesting a deepening appreciation among both audit committees and audit leaders of the need for internal audit to increase its focus on operational, strategic, and business risks. At the same time, only 52 percent of respondents consider providing assurance on the effectiveness of a company's risk management processes to be of significant importance...
Despite the growing trend toward non-financial compliance audits, however, many companies' audit committees still spend the lion's share of their time and money on the finance end of things. Roughly 80 percent of respondents said they spend "less than 20 percent of their resources on non-financial audits."
Matching skill sets with audit needs also continues to be a challenge for audit committees, according to the survey:
In the post-Sarbanes-Oxley era, many internal audit directors are finding that they have the right head counts but the wrong skill sets to address non-financial risks that had previously taken a backseat to Sarbanes-Oxley compliance.