Increasingly, internal audit professionals must possess a strong understanding of hot areas of technology, such as cloud computing and social media—and the risks they bring—in order to perform their jobs, according to a new study from global consulting firm Protiviti.

With a focus on technology, the sixth edition of Protiviti’s Internal Audit Capabilities and Needs Survey assesses internal auditors’ skills and knowledge, and identified those competencies most in need of improvement, with more than 800 internal audit professionals from around the world participating in the survey.

Many internal auditors have admitted that their technology IQ could be improved a few points, both in understanding new technologies and employing technology-enabled auditing processes.

“Technological advancements in virtually every organization are creating new challenges and opportunities for internal audit professionals,” said Brian Christensen, Protiviti executive vice-president and head of global internal audit for the firm.

He added, “Not only must internal auditors enhance their knowledge and understanding of new technologies and how they support the business, but they also must leverage these technologies to perform their jobs more effectively.”

Key findings of the survey include that fact that when it comes to general technical knowledge, internal auditors rank social media applications and cloud-based computing as their top two business priorities, and as the areas where their skills are most in need of improvement.

These findings are a change from a year ago when IFRS and GTAG 13 (Global Technology Audit Guide) topped the same list.

“Unlike some other areas of technology, social media and cloud-based applications are often used across an entire organization and create new enterprise-wide risks,” Christensen said. “As usage continues to grow, the internal audit function is being challenged to identify, assess, monitor and mitigate these new and emerging risks appropriately.”

Another key finding is that there is significant potential for improvement via technology-enabled audit, with one in three organizations not utilizing software applications to administer its audit processes and only one-in-four planning to implement such tools.

Among those that do, 27% use only basic word processing or spreadsheets (more than any other tools).

In looking at the use of technology in auditing business process controls, respondents ranked “IT asset management” as a top area for improvement.

“There’s significant cost associated with IT assets. Even a relatively small percentage of ‘loss’ in terms of hardware or data could result in significant financial losses and, in the event of a security or data breach, potentially devastating effects in terms of regulatory noncompliance and reputation loss,” said Christensen.

A surprisingly large number of organizations (60%) do not leverage data analysis or technology-enabled audits to prevent fraud. However, more than half of all organizations use these processes to detect, monitor and investigate fraud.

Consistent with findings from previous years of the study, survey respondents said the audit process they most need to brush up on is the use of continuous auditing and computer-assisted auditing tools.

In terms of soft skills, survey respondents’ top priority is becoming better at networking, including developing outside contacts, which is an indicator of the value of developing best practices and in learning from other high-performing organizations.

The Internal Audit Capabilities and Needs Survey was conducted through live and online surveys in the fall of 2011.

Originally published on
Add a comment

Have your say on this topic! Comments are moderated and may be edited or removed by
site admin as per our Comment Policy. Thanks!