Management of risk still in need of improvement, survey shows

27 January 2017

The results of The Chartered Institute of Internal Auditors’ latest Governance and Risk Survey, published today (Friday 27 January), suggest that there is still a long way to go on the journey towards excellence in the management of risk.

The survey of more than 200 heads of internal audit shows that only 4% of organisations have reached a stage of ‘enabled risk’, in which risks are fully understood and their management is established as a part of day-to-day operations.

At the same time there has been  a gradual rise in the level of risk maturity reported in the annual survey over the last four years. Fifty-six per cent of respondents rated their employer’s risk maturity as ‘managed’, compared to 50% in 2013. Some 14%are still rated as being in the early stages of risk management – either ‘risk naïve’ or ‘risk aware’.

The Institute’s survey also suggests that, for the fourth year running, many internal audit functions in local government are seeing budget reductions. Nearly half (47%) of survey respondents in the sector said that they were expecting budgets to decrease.

The survey continues to track the emergence of clear trends in the knowledge and skills that internal audit needs. Notably, the proportion of respondents reporting ‘knowledge of the regulatory environment’ as one of the top five skills for internal auditors has risen by 11%.

A similar rise in the demand for expertise in information technology reflects the increasingly high-profile threat from cybercrime and data breaches.

Dr Ian Peters MBE, Chief Executive of the Chartered Institute of Internal Auditors, says:

“Our annual survey of heads of internal audit across sectors provides a useful barometer of the risks facing organisations and how internal audit functions are rising to the challenges to help protect their organisations.”