Page 17 - demo
P. 17
Internal audit can maximize its value to the organization by focusing
on key areas of risk and the adequacy of the company’s risk
management processes generally.
The survey results show that audit committees are looking compliance and financial reporting risks. They also want the
to internal audit to focus on the critical risks to the business, audit plan to be flexible and adjust to changing business and
including key operational risks (e.g., cyber security and risk conditions.
technology risks) and related controls—and not just
Q Beyond focusing on financial reporting and compliance risks,
what steps can internal audit take to maximize its value to your
organization? (select all that apply)
Expand audit plan on key areas of risk
(e.g., cyber security and key operational and 56%
technology risks) and related controls
Maintain flexibility in audit plan to adjust
to changing business and risk conditions 53%
Expand audit plan on effectiveness of
company’s risk management processes generally 49%
Improve talent and expertise in internal audit organization 42%
Helping to assess/“audit” the culture of the organization 27%
Company does not have an internal audit function 4%
Multiple responses allowed
None of the above 1%
Internal audit is most effective when it is focused on the functions within the organization to limit duplication
critical risks to the business, including key operational and, more importantly, to prevent gaps. Help maximize
risks (e.g., cyber security and technology risks) and collaboration between internal and external auditors.
related controls—not just compliance and financial
reporting risks. Help define the scope of internal
audit’s coverage—and if necessary, redefine internal As internal audit moves to a higher value-added model,
audit’s role. Challenge internal audit to take the lead in it should become an increasingly valuable resource for
coordinating with other governance, risk, and compliance the audit committee.
© 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.