Boards missing out on audit help, adviser says

Internal audit said to be using data in new ways that could guide directors

Neil White

Neil White

Corporate boards have the opportunity to take advantage of a more evolved internal audit function, but few are yet to do so, according to a principal in Deloitte & Touche’s advisory practice.

Internal audit teams have traditionally been used to give assurance to the board that the company is in compliance with regulations – notably the Sarbanes-Oxley Act, which requires all public companies to submit an annual assessment of the effectiveness of their internal financial auditing controls.

But these teams can also offer their boards strategic insight and foresight by using new data-processing techniques, Deloitte global internal audit analytics leader Neil White tells Corporate Secretary. The question is whether, given the cost of providing compliance assurance, internal audit can do that part of its work more efficiently – leaving it time to offer more value-added advice, White says.

At issue is internal audit analytics, which can be thought of in essence as using data, statistics, models and similar tools to drive better corporate decision-making. One example would be internal audit at financial services firms analyzing social media data then taking its findings to discuss how the business is operating so as to be better able to advise the board, according to White.

A lot of board members struggle with the idea of such an approach by internal auditors and don’t see the bigger role they can play, he says, but others take a more positive and practical view and there is a changing mind-set.

Opinion also seems to be mixed among internal audit leaders. A Deloitte survey released early last year finds that although just 7 percent of chief audit executives (CAEs) report using internal audit analytics at an advanced level, 34 percent believe this changing role is the near-term future.

White says audit committees can play a critical role in moving toward this new role for internal audit because they have oversight of the function. Some internal auditors also need to change their mind-set, he adds.

According to a Deloitte notice, the board – particularly the audit committee – should be asking CAEs questions to help ensure their company gets the greatest insight out of the internal audit team, including:

  • Has your team begun assessing how analytics could enable internal audit professionals to shift away from a retrospective view and into an insights-driven proactive view of our organization?
  • How could internal audit analytics affect the internal audit process and communication of results?
  • How can internal audit most effectively collaborate with IT and other groups?
  • What data do we need to answer the important questions?
  • How can we measure our progress and capture lessons learned?

You must be registered to comment.

Please Sign In or Register.

10 questions every board should ask in overseeing cyber risks

The consequences of a data breach could be significant. Recognizing that directors can protect themselves from liability in the case of a breach by taking an active oversight role in their company’s cybersecurity preparedness, this paper sets out to provide boards with some practical advice about how to approach cybersecurity oversight, focusing on ten key categories of questions.

Please click here to download the report.

Nasdaq Corporate Solutions

Nasdaq Corporate Solutions helps organizations manage and master the two-way flow of information with their audiences. Around the globe, market leaders rely upon our unmatched suite of advanced technology, analytics and consultative services to maximize the value of their work—from investor relations and corporate governance to public relations and communications.

Nasdaq MeetX and Directors Desk board portals help streamline meeting processes, accelerate decision-making and strengthen governance. Used by public, private and non-profit organizations, including over half of the Fortune 500, our platforms provide an effective solution for paperless meeting management and combine functionality with robust security features, ease-of-use and mobility.

Visit us at:

We use cookies to make our website function properly and deliver our services. By using our website, you agree to our use of cookies, please click here to learn how to manage and delete cookies.