PROTIVITI SURVEY FINDS INTERNAL AUDITORS MORE FOCUSED ON MANAGING AND LEVERAGING TECHNOLOGY TO PROTECT COMPANIES AGAINST RISKS

Results also indicate social media, mobile apps, cloud computing and IT securities are areas of concern

Protiviti Survey Highlights Key Audit Concerns

According to the 2014 Internal Audit Capabilities and Needs Survey Report (www.protiviti.com/IAsurvey) released by global consulting firm Protiviti, Internal auditors’ priorities are to better navigate social media risks, leverage technology to improve the audit process, and collaborate more with business partners to address organizational risks.

“Internal audit professionals’ plates are more than full as they strive to protect their companies from exposure to risk while assessing new technologies and learning new regulatory requirements and professional standards,” said Brian Christensen, executive vice president, global internal audit, Protiviti. “The responses to our survey reveal the myriad challenges – and opportunities ‑ they face under evolving business conditions. Those professionals who place a priority on being anticipatory, change-oriented and highly adaptive have the best chance of serving their organizations’ risk management needs effectively.”

More than 600 internal audit professionals, including chief audit executive (CAEs), responded to Protiviti’s eighth annual survey to assess the top priorities for internal audit functions. In addition to assessing general technical knowledge, audit process knowledge, and personal skills and capabilities, respondents to the 2014 survey also provided information about their companies’ audit processes for managing social media risk.

Social Media Risks Remain Problematic

Social Media Risks Continue to Present Challenges

For the second consecutive year, the survey asked about social media risks and their integration into the audit process. Nearly half (47 percent) of surveyed organizations do not include in their audit plans cybersecurity risk as it relates to social media.

According to respondents, the most important concerns related to social media risks include:

• Financial loss
• Interrupted business continuity
• Loss of intellectual property
• Loss of employee property
• Viruses and malware

Despite some signs of progress, the survey’s results suggest companies need to make dramatic improvements. For organizations that do have social media policies, significant concerns remain as many still fail to address critical issues. For example, in cases where respondents said a social media policy is in place, survey results showed that nearly 30 percent fail to address disclosure of employee information and only 66 percent address information security.

“It’s clear based on the survey results that companies are not doing enough to address social media risks and safeguards, and in turn are facing undue exposure to significant risks to their business,” said Christensen. “These results should persuade the board, executive management and CAEs to take a more active and vigilant approach to managing social media risks.”

Top Technical Knowledge Priorities Identified

Technical Knowledge – Top Five Priorities

Internal audit professionals assessed their competency in 49 areas of technical knowledge and then indicated whether they believe their knowledge is adequate or needs improvement. Based on the findings, the top areas for technical knowledge improvement are:

1. Mobile applications
2. NIST Cybersecurity Framework (a new addition to the list compared to previous surveys)
3. Social media applications
4. Cloud computing
5. Data analysis technologies

Audit Process Knowledge Improvement Areas

Audit Process Knowledge – Top Five Priorities

Respondents also evaluated 35 areas of audit process knowledge in terms of where they need to improve. The top priorities are:

1. Computer-assisted audit tools (CAATs)
2. Data analysis tools for data manipulation
3. Data analysis tools for statistical analysis
4. Auditing IT using new technologies
5. Data analysis tools for sampling

The results show that internal auditors are intent on improving the way they leverage technology, with a focus on methods for continuous monitoring and auditing, as well as advanced data analysis techniques. Results also indicate a desire to improve and become more proactive in dealing with technology-related risks by auditing IT security more effectively and improving approaches to fraud monitoring.

Personal Skills and Collaboration Emphasized

Personal Skills and Capabilities

Survey findings about personal skills and capabilities demonstrated a growing desire for internal auditors to work more collaboratively within the internal audit function and throughout their companies. In particular, CAEs identified the importance of communicating the role and importance of the audit function to internal and external partners.

About the Survey

Protiviti’s 2014 Internal Audit Capabilities and Needs Survey Report was fielded between September and October 2013. A majority of the survey participants work in publicly traded and privately held companies and represents virtually all industry sectors. A small percentage of respondents works for government and non-profit organizations. The full report of survey results and analysis is available at www.protiviti.com/IAsurvey.

Resources and Further Information Available

Additional resources Available: Webinar, Video, Podcast and Infographic

Protiviti will conduct a complimentary webinar exploring the survey’s results on April 17 at 10:00 a.m. PDT. The 90-minute webinar is eligible for CPE credit* and will be hosted by Christensen and David Brand, a Protiviti managing director and leader of the firm’s IT audit practice. Please register for the webinar at www.protiviti.com/webinars. Additionally, both a video and a podcast featuring Christensen discussing insights of the survey results are also available, along with an infographic, on the Protiviti website at www.protiviti.com/IAsurvey.

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 35 percent of FORTUNE 1000^® and FORTUNE Global 500^® companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.