Page 17 - demo
P. 17

Internal audit can maximize its value to the organization by focusing
        on key areas of risk and the adequacy of the company’s risk

        management processes generally.


        The survey results show that audit committees are looking   compliance and financial reporting risks. They also want the
        to internal audit to focus on the critical risks to the business,  audit plan to be flexible and adjust to changing business and
        including key operational risks (e.g., cyber security and   risk conditions.
        technology risks) and related controls—and not just


        Q           Beyond focusing on financial reporting and compliance risks,

                    what steps can internal audit take to maximize its value to your
                    organization? (select all that apply)



                              Expand audit plan on key areas of risk
                         (e.g., cyber security and key operational and                                 56%
                              technology risks) and related controls



                            Maintain flexibility in audit plan to adjust
                            to changing business and risk conditions                                  53%



                              Expand audit plan on effectiveness of
                     company’s risk management processes generally                                49%




               Improve talent and expertise in internal audit organization                   42%





                Helping to assess/“audit” the culture of the organization         27%





                     Company does not have an internal audit function  4%



                                                                                   Multiple responses allowed
                                             None of the above  1%
        Internal audit is most effective when it is focused on the   functions within the organization to limit duplication
        critical risks to the business, including key operational   and, more importantly, to prevent gaps. Help maximize
        risks (e.g., cyber security and technology risks) and   collaboration between internal and external auditors.
        related controls—not just compliance and financial
        reporting risks. Help define the scope of internal
        audit’s coverage—and if necessary, redefine internal   As internal audit moves to a higher value-added model,
        audit’s role. Challenge internal audit to take the lead in   it should become an increasingly valuable resource for
        coordinating with other governance, risk, and compliance   the audit committee.




        © 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
        Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.
   12   13   14   15   16   17   18   19   20   21   22