Joined-up approach and methodology is urged
Corporate auditors are growing
increasingly frustrated at the lack of consistency in the way risk assessments
are performed, according to a new study by PricewaterhouseCoopers.
The firm’s third annual study of
current issues for the internal audit profession reveals concerns over the number
of divergent and conflicting trends related to risk assessment.
Over 80 per cent of respondents reported
conducting an annual enterprise-wide risk assessment. However, only a handful of those surveyed
said they update the internal audit risk assessment continuously, while 64
percent may do little or nothing between annual assessments.
The study revealed a notable lack of consistency
around the assessment of risk. At
one-third of the companies surveyed, multiple enterprise-wide risk assessments
are conducted across the organization. However, only 20 per cent of this group consider these assessments well-
aligned, while 50 percent said they are ‘somewhat’ aligned and 30 percent said
they are not well-aligned, with little or no coordination among the parties
making the assessments.
Audit committees are losing patience with multiple
risk assessments that don't say the same thing, according to Dick Anderson,
partner, PricewaterhouseCoopers.
"A company is inviting inefficiencies and
possibly missing risks if its enterprise-wide risk assessments are not aligned
or integrated."
It was to help companies avoid such potentially
damaging scenarios that Categoric developed the technology that has been
delivering continuous audit solutions for several years.
Categoric’s VP of Marketing Paul
Humphries says: "Businesses need reassurance that the information produced
for decision-making is both accurate and reliable and that the control
procedures in place are effective. The
role of audit is moving away from the historic, backward-looking and
rather isolated, financially-driven testing to a more fluid business function
and this is provoking a shift in the focus of some audit activities.
"Risk must be monitored and assessed on an
ongoing basis. Categoric’s Accord, a platform
independent solution for governance, risk and compliance (GRC), is
designed to support the corporate need for joined-up event management
technology and reporting. Indeed, it is
focused not only on the currently popular areas of GRC, but also for
non-financial regulation, environmental compliance, social and ethical
oversight and the newly emerging area of Supply Chain Governance.
"Our technology addresses the need for a
unified governance management framework that incorporates not only continuous
auditing and monitoring but also, equally importantly, the capability to
initiate variable automated responses to particular exceptions."
…end…
To download a full copy of the PwC report, entitled
"PricewaterhouseCoopers 2007 State of the Internal Audit Profession Study:
Pressures Build for Continual Focus on Risk," visit www.pwc.com/internalaudit.
You may comment on this article if you are a registered user.
Please login or register. Powered by AkoComment Tweaked Special Edition v.1.4.6
AkoComment © Copyright 2004 by Arthur Konze - www.mamboportal.com
All right reserved |
