Chief audit executives are facing the realities of a greater compliance burden, says Grant Thornton LLPs fourth annual CAE survey, by using their limited audit resources to focus on compliance over operational areas.
“The dilemma many CAEs face is how to continue adding strategic value through the internal audit function, given the current compliance-heavy environment,” says Warren Stippich, a Chicago-based partner and Grant Thornton’s national Governance, Risk and Compliance practice leader. “The solution is not to leave compliance behind as an unchosen option in the place of focusing on strategic and/or operational areas—but instead to understand how CAEs can leverage compliance activities to add value.”
As many internal audit executives are being forced to make difficult decisions, a critical piece of maximizing internal audit efficiency and impact, while adhering to the current compliance-heavy environment, is to fully utilize existing resources. If internal audit departments are using a disproportionate amount of resources on compliance activities, there could be significant lost opportunities. Determining the right mix of resources for an organization is an important job function for CAEs.
Internal audit departments continue to remain slow to maximize technology to gain efficiencies. Just 29% of respondents report their companies are using governance, risk, and compliance (GRC)-specific technology, up from 23% in last year’s survey. While adoption numbers have increased, only 22% of respondents believe their organizations effectively leverage GRC technology.
Data analytics continue to remain popular with CAEs, with 60% of survey respondents using data analytics to enhance the internal audit function. The top reason cited for using analytics is the ability to quickly identify patterns, trends and relationships. CAEs also use analytics for such other tasks as forensic analysis (26%), performance measurement (18%) and predictive analytics (28%).
The CAE Survey also reveals that leveraging the “one-to-many approach” has been slower to catch on.
[According to an explanation by Microsoft, in a one-to-many relationship, a record in one table relates to multiple records in a second table, but the records in the second table relate to only one record in the first table.]
Fifty-four percent of respondents indicate they have found ways to implement one-to-many, an increase from last year’s 49%. A full 92% of respondents believe they can potentially apply one-to-many principles to approximately 50% of their control testing. This leaves a large group (38%) of potential one-to-many users that have not yet embraced the practice.
Other highlights from the survey include:
• 69% of survey respondents cite increased cost as the top impact of regulation on their organizations;
• 45% of respondents feel that regulation improved their governance and rigor of testing;
• 36% feel that regulation left them unable to devote resources to higher-value activities; and
• 18% have already started transitioning to the Committee of Sponsoring Organizations of the Treadway Commission’s updated guidance on internal controls, while 35% say they will start the transition in the next 12 months. Twenty-four percent of respondents have no plans to transition to the new framework.