Many internal auditors plan to move to a more continuous risk assessment process in the near future, according to a new survey, as technological advances have made it possible to provide more timely information.
Four in ten internal auditors said they are using a combination of continuous and annual risk assessment processes, according to the 2016 TeamMate Global Audit Technology Survey. An additional 9% have only a continuous risk assessment process.
Others are moving toward more continual assessment of risks. More than half (56%) of internal auditors who currently assess risk on either an annual or periodic basis expect to move to a more continuous risk assessment process within the next two years, according to the survey.
Meanwhile, internal auditors are shifting towards more dynamic audit planning to give their organisations the information they need. Although just 5% of survey respondents are conducting totally rolling audits, 28% expect to move to a rolling audit plan within the next two years.
That shift is occurring slowly, though. A majority (57%) of respondents are conducting an annual audit plan with some periodic updates, while 40% are updating their audit plans either monthly or as audit work is completed.
Strategic and emerging risks
A majority of survey respondents said their risk assessment processes include formally assessing the strategic risks faced by their organisations, said Mike Gowell, general manager of TeamMate, which is part of Wolters Kluwer Tax & Accounting.
“What’s more,” Gowell said in a news release, “70% of our 2016 survey respondents say they are either highly or reasonably confident that their internal audit staffs would either identify any major changes in the organisation’s strategic risk profile or would be informed of any such changes on a timely basis.”
Internal audit teams also are placing a growing focus on emerging risks, as 55% of respondents have a formal process to identify, assess, and report on emerging risks, and 44% provide their audit committees with a regular report on internal audit’s assessment of emerging risks.
Those numbers are likely to grow, as almost two-thirds (62%) of respondents who do not currently include emerging risks in their assessments plan to do so in coming years.
—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine editorial director.