Internal auditors are going to be asked to take on much harder tasks in the years ahead, according to a new study by the Institute of Internal Auditors (IIA). They won't just be looking for fraud or compliance problems. Now they are going to be examining corporate governance, keeping an eye on top executives' behavior and evaluating enterprise risk management processes. "Over the last decade, internal audit was focusing on complying with Sarbanes-Oxley," says Richard Chambers, the IIA's CEO. "Then, as we wound out of the initial phase of SOX, and into the financial crisis, the concern was with very fundamental risks--the financial performance of companies, and business and strategic risks. But two years ago, we started to see a dramatic shift to looking at the significant risk that inadequate corporate governance poses to the enterprise, and to the effectiveness of the risk management function."
Initial findings from a five-part survey show that over the next five years, internal auditors will focus more on corporate governance, ERM, strategic reviews, ethics audits and the migration to international financial reporting standards, and put much less emphasis on operational and compliance audits, auditing of financial risks, fraud investigations and internal controls evaluation.