What is the biggest challenge for internal audit in today's continually changing regulatory environment?
Resourcing, in two ways. First, the audit universe increases every year with the proliferation of new regulatory requirements. Internal audit departments need to provide coverage of implementation efforts on a project basis, address new risks on an ongoing basis, and provide significantly greater coverage of old areas subject to new scrutiny. Second, regulators, banks, and legal and consulting firms are competing for the same limited pool of compliance resources and chasing the same candidates. As a result of the competitive pressure, the cost of recruiting and retaining employees has gone up significantly, creating budget pressures.
What regulatory developments should internal audit expect in 2014?
The continuation of what we've seen for the past several years, including: 1) ongoing implementation of regulatory reform rules. In fact, we expect the pace to accelerate some in 2014, given the recent U.S. Senate confirmation of Consumer Financial Protection Bureau Director Richard Cordray and increasing pressure from the Obama Administration on financial regulators to implement the Dodd-Frank Wall Street Reform and Consumer Protection Act more broadly during the current term. 2) Continuing pressure on internal audit and other risk management functions to achieve "strong," rather than just "satisfactory," examination ratings. 3) Heightened expectations for internal audit to assess the effectiveness of the second line of defense. This has always included internal audit reviewing these functions from a governance perspective, but is now expanding into the expectation that it look at how the second line might have more effectively been involved in preventing or detecting individual issues that are noted by internal audit in first line operational or business line audits.