Insights into the Evolving Needs of Canadian Internal Audits

MNP recently conducted a survey of members of the Institute of Internal Auditors to determine what the top challenges and trends internal auditors see ahead. We polled internal auditors serving a broad range of industries and sectors, including crown corporations, government ministries, public and private corporations and post-secondary education institutions, to gain their insight.

Key Internal Audit Challenges

Not surprisingly, the biggest challenge voiced by the majority of the polled members was being able to do their job effectively, across the board. As the ones responsible to assess how each department within an organization is performing, having the capability to effectively audit all the subject areas in their universe – Information Technology (IT), Cyber Security, Business Continuity, Fraud, Procurement, Risk Management – ranked the highest.

Not far behind was ensuring auditors had the data analytics skills to effectively decipher and interpret mass amounts of data, followed by adequate budget and resources to accomplish their audits. Members with privately owned companies were the most concerned with cultural acceptance of governance, risk and control.

56% of internal auditors were concerned by their capability to effectively audit all the subject areas

One third were challenged by data analytics skills and capabilities

27% lacked adequate budget and resources

Top Three Planned Internal Audit Projects

Just over half (52 per cent) of the members polled – most of them in publicly traded companies- listed cyber security first in the top three projects for the upcoming year. The cyber focus was on a range of topics, from conducting IT security audits, threat and risk assessments, testing how vulnerable critical units were to cyber breaches and how educated staff were to combat social cyber attacks such as phishing.

Overall, data analytics came in second, demonstrating organizations’ increased awareness of big data as a competitive tool. Third in line for planned projects in 2017 was evaluating the effectiveness of their enterprise or operational risk management programs.

It should be noted 55 per cent of members polled who work with government agencies highlighted value for money as the focus of their top project in the survey, with private companies conducting evaluations of their enterprise risk management programs in first place.

1 in 3 are planning data analytics and/or continuous monitoring

More than half (52%) put cyber security at the top of their project list

25% will be launching effectiveness of enterprise or operational risk management programs

Meeting Audit Committee and Board Expectations

Internal auditors often are not recognized for the critical role they play in ensuring an enterprise, organization or even government entity runs smoothly. And yet, audit committees and senior executives often have high expectations for them. Members overwhelmingly picked providing assurance around how effective an organization’s programs, services and processes are as the top expectation for their function.

While internal auditors of publically traded entities ranked technology risks as second on their boards’ and audit committees’ agendas, the other survey participants – including government ministries, crown corporations and privately owned companies – rated enhanced reporting as second on the list of senior executive expectations. Risk and controls advisory functions on special projects such as major business transformation, mergers and acquisitions or large IT projects, was the third most cited expectation.

A whopping 78% said assurance: Around the effectiveness of programs, services and processes

40% said enhanced reporting: Follow-up audits, reporting on aging of individual open action plans, trends

38% cited risk and controls advisory on special projects: Special as in major business transformation, large IT projects, mergers and acquisitions

For more information on how MNP can help, contact:

Mariesa Carbone CPA, CA, ABCP, CRMA

Partner, National Enterprise Risk Services Leader

T: 780.453.5377

E: [email protected]

Geoff Rodrigues CPA, CA, CIA, ORMP

Partner, National Internal Audit Leader

T: 416.515.3800

E: [email protected]