CAE Survey

Internal Audit’s Shortcoming

A new Deloitte report finds internal audit functions fall short of stakeholder demands.
By: | September 7, 2016 • 4 min read

The majority of chief audit executives (CAEs) believe that their internal audit functions don’t have the capabilities to meet stakeholder demands, according to a new Deloitte survey.

Advertisement




They also think that their functions lack a strong influence over the board of directors and executive team, the report found.

More than half (57 percent) of CAEs surveyed said that they weren’t convinced their internal audit groups have the skills and expertise to deliver on stakeholder expectations in terms of efficient audits, insightful reports and effective decision support, let alone meeting future demands.

And only 13 percent of respondents said that they were “very satisfied” their functions have the skills to meet the expectations of shareholders.

More worryingly though, 72 percent believe their internal audit functions do not have a strong impact and influence over the board of directors, executive team and other key personnel. A further 16 percent said that their internal audit had little to no impact and influence.

“Internal audit has been scrambling to meet escalating needs in areas such as cyber security, regulatory compliance, corporate governance and third-party risk management.” – Terry Hatherell, global internal audit leader, Deloitte

We believe that this low satisfaction level with the function’s skills is indicative of the increasing complexity of risks facing organizations and the greater need for specialized skills within internal audit to completely assess these risks and the risk management effectiveness over these risks,” said Terry Hatherell, Deloitte’s global internal audit leader.

DeloitteTerryHatherell-WEB

Terry Hatherell, global internal audit leader, Deloitte

“Internal audit has been scrambling to meet escalating needs in areas such as cyber security, regulatory compliance, corporate governance and third-party risk management. These findings are concerning and indicate a need for internal audit groups to substantially increase their relevance within their organizations,” he said.

The inaugural survey of more than 1,200 CAEs from 29 countries also found that the biggest skills gaps among their function were cyber, cloud computing and other specialized IT skills (42 percent).

That was closely followed by data analytics (41 percent), risk modeling (27 percent), innovation (26 percent) and fraud detection (24 percent).

Hatherell said that such skills were in high demand and short supply, forcing CAEs to turn to alternative resource models, particularly co-sourcing with third parties and the adoption of rotation and guest auditor programs.

Tied in with this, CAEs view talent gaps and access to quality data as key barriers to the greater adoption of analytics.

According to the report, they cited risk anticipation (39 percent) and data analytics (34 percent) as the two innovations most likely to impact their internal audit function in the next three to five years.

Currently 86 percent of those surveyed use analytics, however only 24 percent use them at an intermediate level and 7 percent at an advanced level.

A little over half (58 percent) of respondents expect to be using analytics in at least half of their audits over the next three to five years, with 37 percent anticipating they will employ it in at least 75 percent of their audits.

“While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe internal audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks to stakeholders.” – Neil White, Advisory partner and internal audit analytics leader, Deloitte

Neil White, an Advisory partner and internal audit analytics leader at Deloitte, said that the need to enhance analytics tools and techniques was a top priority.

DeloitteDougAnderson-WEB

Doug Anderson, managing director – CAE Solutions, Institute of Internal Auditors

“While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe internal audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks to stakeholders.”

Doug Anderson, the Institute of Internal Auditors’ (IIA) managing director – CAE Solutions, said that Deloitte’s findings affirmed what the IIA had been telling its members for some time.

Increasingly, he said that CAEs were looking for different skills sets when hiring, including analytical/critical thinking, communication and data mining and analytics.

He added that it was also important for internal audit to provide assurance on how data is being collected and analyzed within their organization.

“The era of internal audit simply providing hindsight has long past,” he said.

“Modern internal audit functions must offer insight and foresight that help organizations identify and manage risks, build successful business strategies, and nurture cultures that support good governance.

Advertisement




“It is up to internal audit leaders and practitioners to develop the skills to meet those demands and develop trusting and honest relationships with stakeholders that position the organization for success.

“Increasing stakeholder confidence in internal audit requires the profession to step up to meet these new demands.”

Going forward, the survey concluded that CAEs needed to assess the talent and skills gaps within their internal audit function and take the appropriate action. They also needed to embed analytics into all of their processes in order to increase efficiency and value throughout the organization, said the report.

Alex Wright is a U.K.-based business journalist, who previously was deputy business editor at The Royal Gazette in Bermuda. You can reach him at [email protected]

More from Risk & Insurance

More from Risk & Insurance

4 Companies That Rocked It by Treating Injured Workers as Equals; Not Adversaries

The 2018 Teddy Award winners built their programs around people, not claims, and offer proof that a worker-centric approach is a smarter way to operate.
By: | October 30, 2018 • 3 min read

Across the workers’ compensation industry, the concept of a worker advocacy model has been around for a while, but has only seen notable adoption in recent years.

Even among those not adopting a formal advocacy approach, mindsets are shifting. Formerly claims-centric programs are becoming worker-centric and it’s a win all around: better outcomes; greater productivity; safer, healthier employees and a stronger bottom line.

Advertisement




That’s what you’ll see in this month’s issue of Risk & Insurance® when you read the profiles of the four recipients of the 2018 Theodore Roosevelt Workers’ Compensation and Disability Management Award, sponsored by PMA Companies. These four programs put workers front and center in everything they do.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top,” said Steve Legg, director of risk management for Starbucks.

Starbucks put claims reporting in the hands of its partners, an exemplary act of trust. The coffee company also put itself in workers’ shoes to identify and remove points of friction.

That led to a call center run by Starbucks’ TPA and a dedicated telephonic case management team so that partners can speak to a live person without the frustration of ‘phone tag’ and unanswered questions.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top.” — Steve Legg, director of risk management, Starbucks

Starbucks also implemented direct deposit for lost-time pay, eliminating stressful wait times for injured partners, and allowing them to focus on healing.

For Starbucks, as for all of the 2018 Teddy Award winners, the approach is netting measurable results. With higher partner satisfaction, it has seen a 50 percent decrease in litigation.

Teddy winner Main Line Health (MLH) adopted worker advocacy in a way that goes far beyond claims.

Employees who identify and report safety hazards can take credit for their actions by sending out a formal “Employee Safety Message” to nearly 11,000 mailboxes across the organization.

“The recognition is pretty cool,” said Steve Besack, system director, claims management and workers’ compensation for the health system.

MLH also takes a non-adversarial approach to workers with repeat injuries, seeing them as a resource for identifying areas of improvement.

“When you look at ‘repeat offenders’ in an unconventional way, they’re a great asset to the program, not a liability,” said Mike Miller, manager, workers’ compensation and employee safety for MLH.

Teddy winner Monmouth County, N.J. utilizes high-tech motion capture technology to reduce the chance of placing new hires in jobs that are likely to hurt them.

Monmouth County also adopted numerous wellness initiatives that help workers manage their weight and improve their wellbeing overall.

“You should see the looks on their faces when their cholesterol is down, they’ve lost weight and their blood sugar is better. We’ve had people lose 30 and 40 pounds,” said William McGuane, the county’s manager of benefits and workers’ compensation.

Advertisement




Do these sound like minor program elements? The math says otherwise: Claims severity has plunged from $5.5 million in 2009 to $1.3 million in 2017.

At the University of Pennsylvania, putting workers first means getting out from behind the desk and finding out what each one of them is tasked with, day in, day out — and looking for ways to make each of those tasks safer.

Regular observations across the sprawling campus have resulted in a phenomenal number of process and equipment changes that seem simple on their own, but in combination have created a substantially safer, healthier campus and improved employee morale.

UPenn’s workers’ comp costs, in the seven-digit figures in 2009, have been virtually cut in half.

Risk & Insurance® is proud to honor the work of these four organizations. We hope their stories inspire other organizations to be true partners with the employees they depend on. &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]