Presentation is loading. Please wait.

Presentation is loading. Please wait.

Who Owns Risk? A Look at Internal Audit’s Changing Role

Published byTobias Watts Modified over 6 years ago

Similar presentations

Presentation on theme: "Who Owns Risk? A Look at Internal Audit’s Changing Role"— Presentation transcript:

1 Who Owns Risk? A Look at Internal Audit’s Changing Role
Paul J. Sobel CIA, QIAL, CRMA Available free of charge: The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience.

2 CBOK 2015 Practitioner Study
CBOK is the Global Internal Audit Common Body of Knowledge: The global practitioner survey is the largest ongoing study of internal audit professionals in the world. More than 25 free reports about practitioners and the profession will be released from July 2015 to July Download free reports from the CBOK Resource Exchange at The IIA website at any time (

3 CBOK 2015 Practitioner Survey
Practitioner Survey Results Survey completed April 1, 2015 14,518 usable survey responses Participation Levels 100% representation from IIA institutes Responses from 166 countries 23 languages

4 CBOK 2015 Practitioner Study
Global Regions are based on World Bank Categories. Percentages are the percentage of total survey responses from that region compared to all survey responses. North America: 19% Latin America & Caribbean: 14% Middle East & North Africa: 8% Sub-Saharan Africa: 6% Europe & Central Asia: 23% South Asia: 5% East Asia & Pacific: 25%

5 CBOK 2015 Practitioner Study
The speaker does not necessarily need to say this, but it’s important to remember that each pie chart is based only on those who answered that particular question (in other words, not all 14,518 survey respondents provided an answer to every question.) Below are the specific number of responses for each question shown on the slide. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents. Age was obtained from 12,780 respondents; Organization Type was obtained from 13,032 respondents; Gender was obtained from 14,357 respondents; Staff Level was obtained from 12,716 respondents.

6 Who Owns Risk? Helps internal auditors understand the global practices around risk. Focuses on: Trends in Risk Management Internal Audit’s Positioning in Risk Management Internal Audit’s Risk Management Responsibilities Risk Approaches and Competencies

7 1. Trends in Risk Management
More than half (53%) of responding CAEs believe formal risk management processes are in place in their organizations. Formal risk management increased after the global financial crisis, but the growth may be slowing down. There are differences among regions, industries, and company sizes.

8 Risk Management Practices Among Regions

9 Key Actions for CAEs Be advocates for the advancement of formal risk management processes, regardless of industry. Seek opportunities to help expedite the implementation of formal risk management, and sustain it when it is already in place.

10 2. Internal Audit’s Positioning in Risk Management
Internal audit and ERM are separate in 80% of the organizations. There may be some blurring between the second and third lines of defense. Regional, industry, and size differences are also seen with this question.

11 Organizations with Internal Audit and ERM Separate by Industry

12 Key Action for CAEs Work with management and other internal assurance providers to ensure clarity of roles within the three lines of defense.

13 3. Internal Audit’s Risk Management Responsibilities
Almost half provide assurance on risk management as a whole. However, there are gaps between the percentage of companies with formal risk management and those providing assurance. 12% of audit plans are devoted to risk management assurance/effectiveness. Combined assurance is still not common.

14 Gap Between Formal Risk Management and Assurance by Region

15 Gap Between Risk Management Assurance and Combined Assurance by Region

16 Key Actions for CAEs Strive to provide assurance on risk management as a whole, not just on individual risks. When providing risk management assurance, ensure the criteria for such assurance are well understood. When conducting a risk-based audit, link the scope and results to specific business risks.

17 Key Actions for CAEs Continue to increase the percentage of the audit plan focused on risk management. Explore ways to integrate assurance with other internal assurance providers; combined and integrated assurance can be more effective and efficient.

18 4. Risk Approaches and Competencies
CAEs place more importance on risk management assurance/effectiveness than management. Risk assessment should be: Leveraged across assurance functions Updated at the “speed of risk” Maintained in appropriate technology

19 Risk Assessments

20 Additional Insights The two greatest inputs to audit plans are a risk-based methodology and requests from management. 82% consider their risk proficiency to be competent, advanced, or expert: Most of the novice and trained respondents were at the staff level. Risk proficiency varies somewhat by region and less so by industry.

21 Risk Proficiency Self-Assessments

22 Key Actions for CAEs Periodically discuss with management the key risk areas to ensure internal audit’s focus aligns with that of management. Work with risk-related functions to ensure appropriate leveraging and reliance on risk assessment efforts by all such functions. Update the risk assessment at the speed of risk, not based on the turning of a calendar page.

23 Key Actions for CAEs While requests from management should typically be considered for an audit plan, be cautious to ensure such requests do not divert valuable internal audit resources from higher- risk areas. Continue to grow internal audit capabilities around risk to ensure internal audit functions can meet the changing stakeholder expectations of the future in a world that increasingly becomes more complex and risky.

24 Summary Internal audit has and will continue to play an important role with risk. Increases in regulation have fueled some advances in formal risk management. Internal audit appears to be keeping up with these advances. However, paying attention to the Key Actions will help internal audit remain relevant around risk.

25 CBOK 2015 Releases Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015 Nov. 2015
IIA International Conference Governance, Risk, and Control Conference South Africa Conference IIA Financial Services Exchange ECIIA Conference All Star Conference Southern Regional Conference ACIIA Conference IIA Midyear Committee Meetings Jul. 2015 Aug. 2015 Sept. 2015 Oct. 2015 Nov. 2015 Dec. 2015 Driving Success in a Changing World: 10 Imperatives for Internal Audit Navigating Technology’s Top 10 Risks: Internal Audit’s Role Staying a Step Ahead: Internal Audit’s Use of Technology A Global View of Financial Services Audits: Challenges, Opportunities, and the Future Who Owns Risk? A Look at Internal Audit’s Changing Role Combined Assurance: One Language, One Voice, One View Responding to Fraud: Exploring Where Internal Auditing Stands Auditing the Public Sector: Managing Expectations, Delivering Results Measuring Internal Audit Value and Performance Core Competency Levels for Internal Auditors Please share information about the publication of upcoming CBOK reports and where to go for the free download.

26 CBOK 2016 Releases GAM Conference SoPac Conference
Leadership Conference IIA International Conference Jan. 2016 Feb. 2016 Mar. 2016 Apr. 2016 May 2016 Jun. 2016 The Skills Most Desired by IA Managers for Their Staffs Use of Third Parties by Internal Audit Interacting with Audit Committees CAE Career Path Women in IA: Representation and Trends Maturity Levels for IA Dept. Around the World How to Evaluate and Motivate Your Staff Certifications Held by Internal Auditors Ethical Pressures Faced by Internal Auditors IIA Standards: Conformance and Trends Quality Assurance and Improvement Program Trends Integrated Reporting Organizational Governance: Internal Audit's Role Additional reports that will be available for a free download..

27 YOUR DONATION DOLLARS AT WORK
FREE thanks to generous contributions from individuals, organizations, IIA chapters, and IIA institutes around the world. Download your FREE copy today at the CBOK Resource Exchange. The IIARF encourages those who are presenting this slideshow to download the full report from The IIA Research Foundation and make it available to their audience.

28 About The IIA Research Foundation
CBOK is administered through The IIA Research Foundation (IIARF), which has provided groundbreaking research for the internal audit profession for nearly four decades. Through initiatives that explore current issues, emerging trends, and future needs, The IIARF has been a driving force behind the evolution and advancement of the profession. For more information, visit:

29 Copyright and Disclaimer
The IIARF publishes this document for information and educational purposes only. IIARF does not provide legal or accounting advice and makes no warranty as to any legal or accounting results through its publication of this document. When legal or accounting issues arise, professional assistance should be sought and retained. Copyright © 2015 by The Institute of Internal Auditors Research Foundation (IIARF). All rights reserved. For permission to reproduce or quote, please contact

Download ppt "Who Owns Risk? A Look at Internal Audit’s Changing Role"

Similar presentations

. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
PROFESSIONAL ASSOCIATIONS: WHY PARTICIPATE? Presenter Name Company IIA Chapter/Institute.

PROFESSIONAL ASSOCIATIONS: WHY PARTICIPATE? Presenter Name Company IIA Chapter/Institute.
1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.

1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Globaliia.org Update on The IIA And The State of The Global Profession Richard F. Chambers, President & CEO The Institute of Internal Auditors.

Globaliia.org Update on The IIA And The State of The Global Profession Richard F. Chambers, President & CEO The Institute of Internal Auditors.
A Review ISO 9001:2015 Draft What’s Important to Know Now

A Review ISO 9001:2015 Draft What’s Important to Know Now
Www.globaliia.org The Institute of Internal Auditors: Serving the Global Internal Auditing Profession Gerry Cox, CMIIA, CIA, CRMA, Chief Executive, South.

The Institute of Internal Auditors: Serving the Global Internal Auditing Profession Gerry Cox, CMIIA, CIA, CRMA, Chief Executive, South.
2013 Office of City Auditor September 2013 Kenneth J. Mory CPA, CIA, CISA Presentation to the IIA Austin Chapter September 10, 2013.

2013 Office of City Auditor September 2013 Kenneth J. Mory CPA, CIA, CISA Presentation to the IIA Austin Chapter September 10, 2013.
Briefing to UNFPA on UNHCR Operations Geneva 07 February 2007.

Briefing to UNFPA on UNHCR Operations Geneva 07 February 2007.
The Role of Standards and Professional Bodies: Drivers of Development.

The Role of Standards and Professional Bodies: Drivers of Development.
The Institute of Internal Auditors

The Institute of Internal Auditors
2012 ICF Global Coaching Study The Business of Coaching: Fee and Revenue Drivers ICF Global Conference 2012 4 October2012 www.pwc.com.

2012 ICF Global Coaching Study The Business of Coaching: Fee and Revenue Drivers ICF Global Conference October2012
BPK Strategic Planning: Briefing for Denpasar Regional Office Leadership Team Craig Anderson Ahmed Fajarprana August 11-12, 2005.

BPK Strategic Planning: Briefing for Denpasar Regional Office Leadership Team Craig Anderson Ahmed Fajarprana August 11-12, 2005.
Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.

Staying a Step Ahead Internal Audit’s Use of Technology By Michael P. Cangemi Coauthor – Managing the Audit Function; former CAE, CFO, CEO, and AC Chair.
A SSOCIATION OF P UBLIC A CCOUNTS C OMMITTEES (APAC) Report on Implementation of SADCOPAC Conference Resolutions 2011 (Zimbabwe) and 2012 (South Africa)

A SSOCIATION OF P UBLIC A CCOUNTS C OMMITTEES (APAC) Report on Implementation of SADCOPAC Conference Resolutions 2011 (Zimbabwe) and 2012 (South Africa)
INSIGHT – Delivering Value to Stakeholders San Francisco Chapter of the IIA Tuesday, September 11, 2012 Patricia K. Miller Former IIA Chairman of the Board.

INSIGHT – Delivering Value to Stakeholders San Francisco Chapter of the IIA Tuesday, September 11, 2012 Patricia K. Miller Former IIA Chairman of the Board.
1 The Auditor’s Role in Governance: Emulate, Evaluate, Educate Lori Cox, CIA, CGAP IIA Tucson Chapter President Director – Internal Audit, Pima Community.

1 The Auditor’s Role in Governance: Emulate, Evaluate, Educate Lori Cox, CIA, CGAP IIA Tucson Chapter President Director – Internal Audit, Pima Community.
The Opportunity Assuming the leadership role in the individual audit planning process is the first of several responsibilities that occupy the Senior Auditor’s.

The Opportunity Assuming the leadership role in the individual audit planning process is the first of several responsibilities that occupy the Senior Auditor’s.
Globaliia.org From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board.

Globaliia.org From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board.
Globaliia.org Capacity Building Phil Tarling, Past Chairman of the Board.

Globaliia.org Capacity Building Phil Tarling, Past Chairman of the Board.

Similar presentations

Ads by Google