MENLO PARK, Calif.
March 18, 2013
/PRNewswire/ -- Internal audit professionals are adjusting rapidly to new challenges in a changing business environment and prioritizing social media, fraud risk, and data analysis tools as key areas for improvement in the year ahead, according to the
2013 Internal Audit Capabilities and Needs Survey Report
) released today by global consulting firm Protiviti (
While the seventh annual edition of the study surveyed more than 1000 internal audit professionals about their technical and audit process knowledge, a key focus of this year's report was on social media usage and related audit processes and policies. Key findings show that 43 percent of respondents have no social media policy within their organizations, and among companies with a social media policy, many fail to address basic issues. In fact, information security and approved use of social media applications are areas that are not covered in nearly one in three organizations (30 percent).
What may be the most striking result from the survey is that more than half (51 percent) of organizations do not address social media risk as part of their risk assessment process, with 45 percent indicating that they have no plans to do so in the coming year's audit plan. Additionally, of those that do address social media risk, 84 percent rated their organizations social media risk-assessment capability as "not effective" or just "moderately effective."
"The survey findings are surprising in that they show how many businesses are either inadequately prepared or altogether inactive in putting effective processes and policies in place around social media," said
, executive vice president, global internal audit, at Protiviti. "From a risk management perspective, this poses significant potential problems for businesses that can range from reputational risk to IT infrastructure risk as a result of unchecked exposures to customer, vendor and company information."
Evaluating Technical and Audit Process Knowledge
In terms of rating general technical knowledge, internal auditors identified
social media applications
as the top area for improvement – by a substantial margin – mirroring the 2012 findings. Issues related to
fraud risk management
are also among the top priorities on the list of areas that need to improve. Notably,
fraud risk management
ranked 13 out of 51 evaluated areas, despite respondents giving it one of the highest scores for existing competency.
Respondents also evaluated 42 areas of audit process knowledge in terms of where they need to improve, and ranked data analysis tools and fraud as the predominant issues of concern. Eight of the top 10 priorities in audit process knowledge that most need improvement were related to data analysis tools (
ranked #9) and fraud (
fraud risk assessment
ranked #10). In contrast, there were no fraud related issues ranked among the top five areas for improvement in 2012 or 2011.
"The internal audit function has a tremendous responsibility for ensuring that rigorous and systematic scrutiny is applied to business processes and emerging risks in real-time," said Christensen. "Organizations can't afford to have inefficiencies or undue exposure to risk, and a critical aspect of eliminating these problems is to understand areas that require improvement."