Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​Well-deserved Criticism?

Internal auditors have taken heat from numerous reports, though many don’t show the full picture of the profession.

Comments Views

During the last few years, internal auditing has faced significant criticism from both stakeholders and practitioners. Much of it centers around audit effectiveness and the profession’s ability to identify and report risks and failures, as highlighted in research from professional service firms. The IIA’s own 2019 North American Pulse of Internal Audit points to audit communication deficiencies and potential misalignment with corporate boards on risk areas. But does the profession deserve all of this criticism? Is it truly underperforming? 

In my experience, senior management at publicly listed companies mostly views internal audit as a necessary evil — a nonessential service function that is either required by a listing exchange or by corporate boards. Otherwise, there is no general appetite to maintain an internal audit function unless the senior executive team, or the board, recognizes the value internal audit adds in providing assurance and improvement opportunities. Because internal audit is not valued, it is not granted sufficient operating budget, which limits the function’s ability to cover organizational risks. 

Not surprisingly, many surveys of the profession reveal that internal audit struggles to attract and retain talent, is mostly underfunded, and lacks resources, including technology. Gartner’s 2018 Audit State of the Function report projected budgets increasing only slightly in 2019 and flat head count for 2019, consistent with prior years. And among respondents to Deloitte’s 2018 Global Chief Audit Executive survey, more than 40% said their audit functions lacked skills and talent; plus, only 21% used advanced analytics. How can the profession proactively identify and manage cutting-edge risks in areas such as blockchain, cybersecurity, and fraud when it does not have appropriate capital and technology?

But limited budgets and resources are not the profession’s only impediments — lack of control over internal audit’s activities and purview, as manifested through our organizational reporting relationships, also presents a problem. At most U.S. publicly listed firms, the chief audit executive reports administratively to the chief financial officer (CFO) and functionally to the audit committee. This configuration risks the CFO providing insufficient budget and other resources and using internal audit to complete projects and tasks not included in the audit plan — activities that might ordinarily fall on other CFO functions — thereby detracting from internal audit’s ability to conduct risk-based audits or complete its plan. 

Given its limited budgets, inadequate technology resources, understaffing, and lack of autonomy, the profession does not deserve much of the harsh criticism it has received. Only when the audit function is truly independent and empowered will it be able to provide effective support to management and the board, sit at the forefront of risk management, and be able to proactively identify and help remedy corporate misconduct and fraud.  

Chris Dogas
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author



Chris DogasChris Dogas <style> p.p1 { line-height:9.0px; font:8.0px 'Interstate Light'; } span.s1 { font:8.0px Interstate; letter-spacing:-0.1px; } </style> <p>Chris Dogas, CRMA, CPA, CFE, is vice president of Internal Audit at a large technology company in the New York metropolitan area.</p>


Comment on this article

comments powered by Disqus
  • AuditBoard-April-2021-Premium-1
  • PwC-April-2021-Premium-2
  • Pulse-of-Internal-Audit-April-2021-Premium-3



Thanks, We Already Know That, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Six Data Privacy Predictions for 2020 Data Privacy Predictions for 2020
Public Servants Are Vital to Defeating COVID-19 Servants Are Vital to Defeating COVID-19