Top skills sought from new internal audit staff reflect new priorities

The top five skills sought from new internal audit staff reflect expanding priorities for the profession, according to a recent study.

Accounting and financial skills no longer are the sole focus of many internal auditor job descriptions, according to “The Pulse of the Profession” report by The Institute of Internal Auditors (IIA). Instead, the semiannual report indicates companies are looking for more critical thinking, communication and tech savvy from internal auditors.

According to the report, which was based on a survey of 461 internal audit professionals in the US and Canada, the top five skills sought from new internal audit staff are:

• Analytical and critical thinking, identified by 73% of respondents.

• Communication skills (61%).

• Data mining and analytics (50%).

• General IT knowledge (49%).

• Business acumen (46%).

Analytical and critical thinking also was identified as the most important skill on the IIA’s fall 2011 Emerging Trends Survey.

The most recent IIA survey shows that the role of internal auditing is evolving, an idea that was supported in a recent PwC study that showed new opportunities for auditors in risk-management roles.

According to the IIA survey, many chief audit executives (CAEs) are exploring ways to enhance their values to organisations, but they still have opportunities to better align their planned audit coverage with the risks that are important to key stakeholders.

The report says that internal audit plans are not as strictly focused on financial risks and controls and Sarbanes-Oxley Act (SOX) compliance as in recent years. Instead, respondents’ internal audit plans reflected a balancing of coverage among operational, financial and compliance oversight.

An increase in coverage of SOX oversight for 2012 was reported by 7% of respondents. Increases in operational (33%), strategic business risk (33%) and risk-management effectiveness (32%) oversight were most frequently identified.

Despite those reported increases, overall coverage of strategic business risk and risk-management effectiveness remains a small part of internal audit plans. About 5% of internal audit plan composition for 2012 is dedicated to strategic business risk. Four per cent is dedicated to effectiveness of risk management.

Financial (28%), operational (27%) and compliance (15%) coverage accounts for the majority of focus of internal audit plans amongst respondents surveyed. The report indicates that this focus may be slightly misaligned with the priorities of other stakeholders. According to respondents, the risks receiving the greatest level of board, audit committee and senior management attention were:

• Operational risks (15%)

• Compliance risks (12%)

• Financial risks (11%)

• Strategic risks (9%)

• Human capital risks (5%)

Nonetheless, the report indicates that the relationship between audit committees and CAEs is a good one. Three-fourths of participants stated that the CAE reports functionally to the audit committee. Seventy-seven per cent said there is open dialogue and two-way communication between CAEs and audit committees, and 72% said the audit committee clearly communicates its support for CAEs and the internal audit function to the board and management.

The report recommends a five-step to-do list for CAEs:

• Get key stakeholders to identify their top five areas of concern.

• Map the consensus top five concerns into the current audit plan.

• Discuss the results of this mapping with the stakeholders to identify potential revisions.

• Revise the audit plan as appropriate.

• Periodically update the audit committee and senior management on the results of audits of these areas.

—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine senior editor.