Data analytics, understanding cyber and digitalisation risks among key priorities
A majority of Hong Kong companies plan to increase investment in internal audit, as the role becomes more instrumental in helping organisations achieve their strategic objectives, according to a joint survey by KPMG and The Institute of Internal Auditors (IIA) Hong Kong.
The survey titled An Evolving Internal Audit Landscape – Beyond conventional compliance, surveyed around 100 senior audit executives and other senior management, assessing the role of internal audit within their business operations. The survey also captures the key challenges companies faced when adapting to the revised Corporate Governance Code, which came into effect last year.
More than half of respondents expect their internal audit investment to increase over the next three years, driven by demand from the audit committee/board (51 percent), senior management (32 percent), stricter levels of compliance and regulatory requirements (44 percent) and an increasing need to hire more specialists (30 percent).
The survey highlights that over 80 percent of senior audit executives rated the role of their internal audit function as a key business advisor. In contrast, only 4 percent of surveyed Audit Committee Chairman and committee members, and 16 percent of senior management viewed an internal audit function as a business advisor. This significant discrepancy suggests there is plenty of room for improvement before internal audit can be fully considered as a business advisor by some key stakeholders.
More than half of survey respondents said a key role of internal audit is to improve business performance and efficiency, beyond its traditional role of assurance against internal policies, listing rules, Companies Ordinance and other industry regulations.
“Internal audit can enhance shareholder value by challenging the way a business operates and providing assurance on risk and internal control systems,” says Alva Lee, Partner, KPMG China. “Most importantly, there are growing expectations among market practitioners that an internal audit function can grow beyond conventional compliance-type-roles and evolve into a trusted business advisor of the organisation.”
Assessing and identifying the risks and opportunities brought about by digitalisation is a key role of the internal audit function. However, insufficient use of data analytics is identified by 40 percent of respondents as one of the challenges within their internal audit function. Only 9 percent said they are fully utilising data analysis tools for all internal audit projects.
Meanwhile, companies are exposed to higher cyber security risks with increased online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services and the collection/analysis of big data. Regulators are seeing this threat and are putting pressure on businesses to comply with tighter rules and regulations, to admit to cyber breaches publicly, and to submit to detailed examinations.
Stephen Lee, President, IIA Hong Kong, says: “Possessing an internal audit function with a clear cyber strategy can help better determine the extent to which internal controls can be adapted to these changes. Companies should consider putting cybersecurity as a focal point when formulating their internal audit plans, and conduct reviews at regular intervals.”
While all financial services respondents were said to have incorporated and embedded cyber risks in the planning of their internal audit activities, only half of non-financial services respondents did the same, according to the survey. This is a potential weakness as cyber risks concern every organisation and those that are not prepared for it in their internal audit plan will be at risk, the survey finds.
Insufficient resources was highlighted as one of the challenges. Nearly a quarter of respondents consider their internal audit functions to have insufficient resources, skill set or experience to perform their day-to-day duties. More than three quarters of respondents indicated their internal audit teams comprise predominantly of audit professionals.
Stephen Lee says: “A well-balanced mix of audit professionals and business executives is important as it could help provide a more complete skill set to operate in an increasingly complex business environment. In addition to reassessing the talent compositions of internal audit functions, expanding its capabilities in data analytics and risk spotting is another way to promote its role as a business advisor to an organisation.”
Alva Lee concludes: “As the industry continues to develop, an internal audit function should no longer be confined to being a mere compliance checker and is now transitioning into a trusted business advisor that can provide valuable insights to the senior management. It should also expand its scope beyond traditional process-level audits and into areas such as culture and behaviour, and to keep up with the times and start embracing big data analytics in their auditing, while making sure they are aware of the threats cyber risks pose.”
KPMG and IIA Hong Kong conducted a survey in March 2017 to analyse and understand just how companies have been approaching the new Corporate Governance Code.
We gathered responses from around 100 senior audit executives with the titles Head of Internal Audit, Chief Audit Executive, Chairman and members of Audit Committee and other Senior Management across a range of industries. Some 18 percent of the respondents were from the Financial Services sector, 13 percent Industrial and Manufacturing, 12 percent Real Estate and Infrastructure, 8 percent Retail, 6 percent Entertainment, Media and Publishing, and 4 percent Engineering, Construction and Telecommunications.
The Institute of Internal Auditors Hong Kong Limited (IIA Hong Kong) (previously known as The Institute of Internal Auditors Hong Kong Chapter) was formed in 1979 and is affiliated to the global organisation, The Institute of Internal Auditors Inc. (IIA), which is an international professional association headquartered in the US, with more than 180,000 members worldwide. The IIA is the internal audit profession’s global voice, recognised authority, acknowledged leader, chief advocate, and principal educator. The IIA has developed a portfolio of globally recognised certifications, the 1over 130,000 CIA certified individuals.
The IIA’s definition of internal auditing is as follows: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”.
The IIA provides internal audit professionals worldwide with authoritative guidance organised in the International Professional Practices Framework as mandatory guidance and recommended guidance. IIA Hong Kong supports members in Hong Kong through dynamic leadership in providing comprehensive professional educational and development opportunities, and facilitating The IIA’s certification programs in Hong Kong, and bringing together internal auditors from all sectors to network and share information and experiences.
KPMG China operates in 16 cities across China, with around 10,000 partners and staff in Beijing, Beijing Zhongguancun, Chengdu, Chongqing, Foshan, Fuzhou, Guangzhou, Hangzhou, Nanjing, Qingdao, Shanghai, Shenyang, Shenzhen, Tianjin, Xiamen, Hong Kong SAR and Macau SAR. With a single management structure across all these offices, KPMG China can deploy experienced professionals efficiently, wherever our client is located.
KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 152 countries and regions, and have 189,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.
In 1992, KPMG became the first international accounting network to be granted a joint venture licence in mainland China. KPMG China was also the first among the Big Four in mainland China to convert from a joint venture to a special general partnership, as of 1 August 2012. Additionally, the Hong Kong office can trace its origins to 1945. This early commitment to the China market, together with an unwavering focus on quality, has been the foundation for accumulated industry experience, and is reflected in the Chinese member firm’s appointment by some of China’s most prestigious companies.
A report on Hong Kong’s internal audit landscape