The Changing Face of Internal Audit

Brian Christensen is Executive Vice President – Global Internal Audit for Protiviti, a subsidiary of Robert Half. Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. The following reviews key findings from Protiviti’s 2014 Internal Audit Capabilities and Needs Survey, an annual study that assesses competency levels and areas of improvement for CAEs and internal audit professionals. The survey report and other resources can be found at

Protiviti’s 2014 Internal Audit Capabilities and Needs Survey , gleaning feedback from more than 600 chief audit executives (CAEs) and professionals, paints a fast-changing world in which “proactivity” – behavior that is anticipatory, change-oriented and highly adaptive – is the reigning mantra (see infographic below). The professionals who practice it are in the greatest demand, according to our latest survey.

Such behavior is essential because today’s internal auditors must anticipate and respond to a constant stream of new challenges – many of which deliver uncertain and still unfolding risk implications.

Among the survey’s key findings:

Social media, mobile applications, cloud computing and security are critical areas of concern .

The explosive use of such technologies has made mitigating the associated risk a priority for CAEs. Nevertheless, while most CAEs say the subject is top of mind, 44 percent of respondents said social media risk isn’t part of their audit plans – and they have no plans to include it in the foreseeable future. In addition, although a majority of organizations (60 percent) readily acknowledge the absence of social media risk in their audit plans, they still rate their ability to mitigate such risk as moderately effective or better. This disconnect in the responses signifies more progress needs to be made on this front. From a human resources perspective, this gap suggests that a career opportunity has emerged for internal audit professionals with a strong understanding of social media and its associated risks.

Internal auditors plan to strengthen their knowledge of computer-assisted auditing tools (CAATs) along with continuous auditing and monitoring techniques .

And according to numerous analyst firms and research studies, the amount of data in the world is doubling every 18 months to 2 years. Therefore, it’s no surprise that internal auditors are seeking to harness technology to enhance their effectiveness. Since 2012, auditing information technology and CAATs have been of paramount importance to CAEs, according to a three-year trend comparison provided in the Protiviti survey’s results.

Auditors are concentrating more time and attention on fraud prevention and detection.  

This is critical in increasingly automated business environments and workplaces. Tech-savvy auditors are in demand.              

Auditors are feeling the heat to keep pace with key regulatory and rule-making changes.  

These include the new National Institute of Standards and Technology‘s (NIST) Framework for Improving Critical Infrastructure Cybersecurity and the updated COSO Internal Control-Integrated Framework . Although a lingering perception persists that internal auditors should come from an accounting background, this is a good example of how a background in government relations, communications and the law can be applied in this evolving field.

Internal auditors’ longstanding desire to improve collaboration within their businesses has intensified .

This is evident in the priority that CAEs and respondents place on communicating – and even marketing – the expertise and value that internal audit provides to the rest of the enterprise. Indeed, among the “soft skills” identified by respondents as needing the most improvement:

  • Presenting (public speaking) 

  • Negotiation

  • Persuasion

  • Dealing with confrontation

  • Time management

In Protiviti’s report, we recommend action steps internal auditors can take to enhance this dialogue within their organizations. For example, we suggest executing a branding effort designed to better educate all areas of the business about internal audit‘s role. Another idea: establishing rotational programs to expose internal auditors to as many different parts of the business as possible.


I’d be interested in hearing from you: Are our findings in line with your organization’s capabilities and needs? How are these priorities likely to change going forward?

Related blogs can be found at The Protiviti View, which features commentary, insights and points of view on key challenges and risks facing companies today.