Internal auditors seem to agree they're taking risk more seriously and acknowledge that huge resources are being thrown into compliance with Section 404 of Sarbanes-Oxley. But they're not being as conscientious as they should and serious gaps are emerging, according to a Pricewaterhouse Coopers report.
PwC's State of the internal audit profession study found that only 7 per cent of internal auditors updated their assessments continuously (meaning more than once a month), 49 per cent said they updated when they decided it was needed and at no regular interval and 15 per cent said they didn't update their annual risk assessments at all.
One of the most alarming parts of the survey was that levels of confidence varied according to area of focus. The biggest area of confidence was in finance. In that area, 64 per cent said they were very confident. Compare that with technology, where only 33 per cent said they were very confident. In fraud, only 29 per cent said they were very confident, and in strategy only 20 per cent said they were very confident, and 30 per cent said they had no confidence in the system at all.
When asked who, if anyone, was conducting an annual risk assessment at their companies, 18 per cent said no one.
Cavalcade of Risk #26 is up, and this post is in it:
http://www.insuranceshoppers.net/blog1/2007/05/23/cavalcade-of-risk-26/
Be well,
Hank Stern