2018 Global Chief Audit Executive Research Survey Results. May 7, 2018

Transcription

1 2018 Global Chief Audit Executive Research Survey Results May 7, 2018

2 The profession has not been forced to innovate for decades 2

3 Organizations face increasing uncertainties The speed of change is unprecedented Organizations are adopting new technologies The breadth of risk continues to expand 3

4 Failure to act will see risk and change outpace Internal Audit 4

5 Overview of our Global Chief Audit Executive Research Survey What will the most innovative, leading Internal Audit functions of the future look like? How will they be impactful and deliver value to their organizations? 5

6 Insights from over 1,100 Chief Audit Executives representing Internal Audit functions from nearly 40 countries 6

7 While organizations are generally aware of the Internal Audit function Current state of Internal Audit Very aware of IA s capabilities and services 46% Not aware of IA s capabilities and services 3% Somewhat aware of IA s capabilities and services 51% Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 7

8 Current state of Internal Audit (cont d) Internal Audit is not always viewed positively within the organization IA is viewed very positively 33% Other 5% IA is viewed somewhat positively 53% Neutral view of IA 9% Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 8

9 Current state of Internal Audit (cont d) 60% 50% 40% 30% 20% 10% Still only 40% of CAEs surveyed believe they have strong impact and influence within their organizations 0% Yes strong impact and influence Partial some impact and influence No little to no impact and influence Not sure Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 9

10 Current state of Internal Audit (cont d) What are the key challenges your Internal Audit function faces in making more of an impact in your organization? 37% My IA function is missing key skills and/or talent needed 20% Scope of IA activities is too narrow (in terms of the assurance activities that are undertaken) 18% My position within the organization and my reporting relationship does not give me the appropriate visibility and/or authority 27% Budget allocated to IA function is insufficient 26% We are limited in terms of the advisory activities we perform Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 10

11 Stakeholders want and need more from Internal Audit Assure Advise Anticipate 11

12 Assurance needs are broad Core processes Truly greatest risks Assure Decision governance 3 LoD Behaviours Digital technologies 12

13 Assurance needs are broad Only 28% of CAEs indicated that their Internal Audit function has formally evaluated the broader organization s culture in the past 3-5 years Behaviours Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 13

14 Assurance needs are broad Assure Only 52% of CAEs indicated that their Internal Audit function has conducted a cyber-focused risk assessment to assess the organization s potential cyber exposures Truly greatest risks Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 14

15 but Internal Audit s role as an advisor is key to maximizing the function s value Control effectiveness 3 lines of defence enhancements Advise During change Assurance by design 15

16 although most of Internal Audit s activities currently undertaken relate to assurance Even balance of assurance and advisory 21% Mostly assurance, some advisory 63% Advise Only assurance 10% Only / mostly advisory, some assurance 4% Unsure / Other 2% Meanwhile, 59% of CAEs indicated that the proportion of advisory services undertaken by their Internal Audit function will increase over the coming 3-5 years. Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 16

17 Internal Audit can also help the business anticipate risk Risk Sensing Risk Learning Anticipate 28% of CAEs believe that risk anticipation or use of cognitive technologies will be key innovative developments impacting Internal Audit over the coming 3 to 5 years. 17

18 Innovate to transform 18

19 The Future Internal Audit

20 Internal Audit functions anticipate a focus on digital innovation Internal Audit innovation Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 20

21 Internal Audit s focus on innovation Of the IA functions with strong impact and influence, two-thirds expect to increase their investment in innovation over the next 3-5 years by: 25% 20% 15% 10% 5% 0% > $3M $1M - $2.9M $500K - $999K $250K - $499K $100K - $249K < $100K Not sure Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 21

22 Internal Audit s approach Of the IA functions with strong impact and influence, nearly two-thirds are using or are considering adopting an agile approach Unsure 14% Not considering adopting an agile approach 23% Currently using / considering adopting agile approach 63% Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 22

23 IA functions with strong impact and influence incorporate analytics more often than other IA functions 80% 70% Analytics 60% 50% 40% 30% 20% 10% 0% Part of Audit Planning Part of Audit Scoping During Fieldwork To Develop Reporting For Continuous Risk Assessment For Continuous Auditing To Provide Assurance Controls are Effective Analytics not Used IA Functions with Strong Impact & Influence Other IA Functions Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 23

24 Internal Audit functions with strong impact and influence have a greater commitment to analytics training Analytics (cont d) 60% 50% 40% 30% 20% 10% 0% Strong / Very Strong Commitment Little / Some Commitment No / Unsure of Commitment IA Functions with Strong Impact & Influence Other IA Functions Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 24

25 Evaluation of cyber exposures A much higher percentage of Internal Audit functions with strong impact and influence have conducted a cyber risk assessment 70% 60% 50% 40% 30% 20% 10% 0% Conducts cyber-focused risk assessments Does not conduct cyber-focused risk assessments IA Functions with Strong Impact & Influence Other IA Functions Not sure Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 25

26 A greater number of IA functions with strong impact and influence have either begun using RPA or are considering it Robotic process automation 80% 70% 60% 50% 40% 30% 20% 10% 0% Currently / Considering Using RPA Have Not Considered Using RPA Not sure IA Functions with Strong Impact & Influence Other IA Functions Source: Deloitte s 2018 Global Chief Audit Executive Research Survey 26

27 Key takeaways 27

28 Bringing IA 3.0 to life Automate core assurance Accelerate adoption of advanced analytics and automation Apply Agile principles Innovate to future proof the function Consider Next Gen resourcing models to secure talent and skills required Advise and anticipate don t just assure! 28

29 Be among the first to access the full results of our 2018 Global Research Survey Visit deloitte.com/globalcaesurvey 29

30 For more information If you would like to learn more about how to evolve your Internal Audit function, please contact one of the following professionals: Terry Hatherell Global Internal Audit Leader, Deloitte Ahmed Al Ansari Acting CEO, Dubai South Kris Wentzel Peter Astley Porus Doctor Americas Internal Audit Leader EMEA Internal Audit Leader APAC Internal Audit Leader 30