CHICAGO, Mar. 14, 2011 - A new survey of more than 300 chief audit executives (CAEs) by Grant Thornton LLP finds that while nearly half believe that the shifting regulatory landscape poses the greatest threat to their company, a vast majority (88%) do not believe that the Sarbanes-Oxley Act (SOX) should be repealed. Of those that believe SOX should be repealed, the cost of compliance is the main reason for doing so.
"Since the passage of SOX, organizations have had to dedicate significant resources to comply with a host of new laws and regulations," noted Warren Stippich, a Chicago-based partner and Grant Thornton's national Governance, Risk and Compliance solution leader. "Based on discussions with various CAEs during the survey process, many believe that SOX brings a continued focus by management on financial and governance-related controls. However, CAEs believe that compliance audit processes are now well-defined and are currently exploring ways to contribute value creation to the organization well beyond compliance monitoring and reporting."
Although 69% of CAEs report that their organization uses cloud computing and 45% expect their organization's use of the cloud for hosting applications to increase in the next 12 months, 64% also report that cloud computing is not part of their organization's internal audit plan. In addition, 43% of CAEs have yet to give any thought to security, governance, risk and controls in a cloud environment.
"These results indicate room for improvement in planning, auditing and risk mitigation efforts as cloud computing evolves," said Paul Kanneman, Dallas-based national managing principal of Grant Thornton's Business Advisory Services. "Surprisingly, the security and controls implications of cloud computing are not foremost in the minds of the CAEs we surveyed. However, as more IT activities take place in a cloud environment, CAEs will need to be prepared to address the inherent risks and plan their internal audit approach accordingly."
Other survey findings include:
- 66% of CAEs report that they are using data analytics to enhance the internal audit function
- only 72% of CAEs say that their organizations have formal anti-fraud policies and procedures in place
- 46% of the internal fraud investigations are led by CAEs
Grant Thornton conducted its first annual survey of chief audit executives (CAEs) to provide insights into current trends and identify how internal audit professionals are responding to the changing demands of their profession. The survey covered a range of topics: