Employees’ skills (55 percent), the use of data to stimulate an innovative audit approach (55 percent), the complexity and uncertainty of regulations (55 percent) and the need to strengthen corporate governance and strategic processes (53 percent) represent the main challenges faced by internal audit departments in Romania, according to the Internal Audit in the Era of Continuous Transformation survey, conducted by KPMG in Romania.
The survey, conducted among heads of the internal audit function, presents their priorities and challenges in 2019 given the transformation of internal audit into a function with a strategic role for companies, as considered by almost two thirds of respondents (63 percent). However, for other respondents (37 percent), internal audit is not yet ready to go beyond the level of a compliance function.
“The expectations of the internal audit function have never been higher, as the role of internal audit is now placed in a strategic perspective in many large corporations. It is true that corporate governance, risk management and internal controls are today in the hands of regulators, stakeholders and the general public. Thus, internal auditors need to be proactive and receptive to market challenges. However, their role is much more important than this. If the resources are allocated to actions that do not support a strategic goal, then the concern and responsibility of the board of directors will be to identify the reason for such a waste of resources and to redirect them to optimal use. At this point, internal audit becomes a key tool of governance, in its strategic approach of monitoring the efficiency and effectiveness of the business. Moreover, the audit committee and board of directors must ensure, including through a periodical independent external assessment, that the internal audit function has an appropriate position in the organization and the necessary human resources and processes to respond in order to be in line with the objectives and strategic initiatives of the company”, says Cezar Furtuna, Partner and Head of Audit & Assurance, KPMG in Romania & Moldova.
According to the survey results, the main priorities for the audit plan considered by Romanian heads of the internal audit function include: ensuring operational efficiency and effectiveness (89 percent), alignment of internal audit activities to the organisation’s objectives (71 percent) and ensuring compliance with the applicable regulatory framework (58 percent). The driving factors in developing the internal audit plan are the use of a risk-based methodology for 92 percent of respondents, as well as requests from the audit committee (76 percent) or the evolution of regulatory requirements (71 percent).
The concern for adequate training to be provided for internal audit department personnel is not further reflected in the budgets allocated to professional training courses – which cover less than 5 percent of the total budget of the internal audit department (71 percent of respondents) – despite the respondents’ expressed need to have professionals with various skills in areas such as IT, fraud investigation, data and data analytics (89 percent), technical skills in relation to the main processes of the company (84 percent) or internal audit skills (79 percent).
Other key findings:
- 66 percent of respondents consider the effectiveness of the risk management framework to be the biggest challenge facing Romanian companies, followed by cyber security risk management (42 percent) and talent retention (39 percent). However, cyber security is ranked 8th on the list of priorities of the internal audit function within the internal audit plan.
- A significant number of internal auditors consider that the analysis and interpretation of big data is essential during internal audit missions (63 percent think it important and 37 percent very important), while 63 percent of internal auditors use technology to increase efficiency.
- A high proportion of respondents (58 percent) use independent external assessments of internal audit activity every five years, in compliance with the requirements imposed by international internal audit standards.
“Law No. 162/2017 on the Statutory Audit of Annual Financial Statements and Annual Consolidated Financial Statements reiterates the existing requirement in the Company Law (Law 31/1990) and EGO 75/1999, according to which companies whose annual financial statements are subject to statutory audit are required to organize and ensure the carrying out of internal audit activity. What’s new this time? Why have you probably heard so much discussion about this topic? Perhaps because Law 162 also sets a penalty for those companies which do not comply with these provisions –a fine ranging from RON 50,000 to RON 100,000. Therefore, most probably, we will see accelerated implementation of these provisions in the near future. Our survey highlights, among other aspects, that internal audit should not be perceived and implemented as a ticking of a regulatory requirement, but as a beneficial activity that adds value to companies”, adds Furtuna.
“Over time, the evolution of stakeholder expectations has constantly altered the perspective of the internal audit role. The new requests from the board of directors, leaders and regulatory authorities require internal auditors to increasingly focus their efforts on activities that generate added value, beyond regulatory compliance issues. In a business environment that is changing faster than ever and in which automation solutions are being adopted quickly and in more and more areas of activity, internal auditors are playing an increasingly important role. In view of the major uncertainties caused by the assault of disruptive forces, the internal audit function must evolve to help the organization understand and manage the associated risks, achieve the expected results of automation and continue to innovate in order to achieve added value,” says Richard Perrin, Partner and Head of Advisory, KPMG in Romania.
“By using intelligent automation solutions, the internal audit function gains efficiency by improving the quality and consistency of processes, planning, testing and reporting activities, including the transition from limited testing of samples to full testing of audited population. Furthermore, through digitalization and automation processes, the internal control environment can improve, especially in the prevention area, due to the introduction of automated controls instead of manual ones, real-time analysis, followed by automatic escalation and resolution of anomalies, empowering the organization by increasing added value with limited consumption of resources,” explains Adela Ciucioi, partner and head of Technology, Media & Telecommunications, KPMG in Romania.
In this year’s survey, KPMG gathered answers from 38 respondents, represented by Romanian heads of the internal audit function from banking (42 percent), insurance (21 percent), as well as from the production and non-financial services industry (37 percent). 42 percent of respondents represent companies with an annual turnover exceeding RON 500 million, 50 percent of these have assets of at least RON 3 billion, and 4 out of 10 respondent companies have 1,000 employees or more. The survey was conducted online in the fourth quarter of 2018.