What's Ahead for Internal Auditors? Three Reports Offer a Look into the Future

Article excerpt

The role of the internal auditor has evolved dramatically over the past century. Prior to the 1940s, internal auditors had a very limited function in an organization. Members of the controller's department, they were concerned strictly with accounting verification within the firm as part of providing assistance to external auditors. Since that time and up to 2002, internal auditors gradually assumed a larger role in terms of serving management, not just from an accounting perspective but also from an operations orientation. Internal auditors, for all intents and purposes, became internal management consultants, examining not only accounting but also nonaccounting functions such as human resources and purchasing. (For an analysis of the history of internal auditing, see Robert Moeller's 2005 book, Brink's Modern Internal Auditing, especially pages 4-7.)


Then came the Enron scandal. Management was criticized for failing to maintain adequate internal controls, to staff the internal audit function properly, and to allow internal auditors to report to an independent audit committee. To help mitigate these deficiencies, the U.S. Congress enacted the Sarbanes-Oxley Act of 2002 (SOX).

Section 404 of SOX requires management to assert its responsibility for maintaining effective internal controls and to perform an annual evaluation of the controls.

The enactment of SOX elevated the importance of internal audit in many corporations. No longer are internal auditors only concerned with examining the suitability of internal financial and operating controls, safeguarding assets, and promoting effectiveness and efficiency of the organization. Today, through their chief audit executive (CAE), internal auditors are involved in the overall process of corporate governance, moving into a broader role of enterprise risk management (ERM). Now they assess a vast array of uncertainties the entity faces (including capital and product markets as well as legal and regulatory) and recommend courses of action to deal with those uncertainties. Internal auditors are playing an ever-expanding role in advising management, the audit committee, and independent auditors on many issues concerning their organization's performance.

Here we analyze three new reports on the current and evolving role of internal auditing that were published by PricewaterhouseCoopers (PWC), the Professional Accountants in Business (PAIB) Committee of the International Federation of Accountants (IFAC), and the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The three reports accentuate the importance of viewing controls as part of the evolving organizational governance, stressing the need for frequent and meaningful communication among all the parties affected. The reports also call for continuous improvement in the management of risk throughout the organization.

The PWC report, Internal Audit 2012, which focuses on trends that are expected to have a significant impact on the role of internal auditing, recommends that internal auditors adopt a risk-centric mind-set to maintain their role as key players in assurance and risk management. IFAC's Internal Control from a Risk-Based Perspective consists of interviews with 10 accountants from various organizations about their internal control experiences, reflecting a consensus that risk management, in view of its association with appropriate corporate governance, is the key to internal audit. COSO's Guidance on Monitoring Internal Control Systems, which is part of an extensive monitoring project, advocates that monitoring internal controls is critical to achieving organizational goals. This report calls for a risk-based approach to such monitoring. See Table 1 for an overview of the reports.

Table 1: An Overview of the Three Reports

                 INTERNAL AUDIT 2012      INTERNAL        GUIDANCE ON
                                       CONTROL FROM A     MONITORING
                                         RISK-BASED     INTERNAL CONTROL
                                         PERSPECTIVE         SYSTEMS

OBJECTIVE       To provide a           To provide an    To enhance an
                consensus projection   assessment from  understanding of
                of the trends shaping  10 global        the building
                internal audit by      professional     blocks of
                2012. …