I was delighted back on Thanksgiving day to have uncovered the release of the results of E&Y's recent survey on internal auditing around the globe. I picked it up off a finance and accountancy site in the UK (I guess not having a Thanksgiving - no British version of Plymouth Rock, you know - has its advantages). And, I've been even more heartened as I've seen the results popping up in articles in the weeks following.
Today, CFO Magazine has a piece on the survey at - http://www.cfo.com/article.cfm/12747841/c_12724274?f=home_todayinfinance - confirming what we believed in 2002 and 2003, that the pendulum had swung too far to one set of risks.
Probably the greatest alarm bell the survey sounds is:
More than a third of respondents said it was "very difficult" to recruit people skilled at enterprise risk assessment. Similar percentages said the same for auditing skills in specialized areas such as mergers and acquisitions, tax, and fraud detection. A total of 68 percent said it was either very difficult or somewhat difficult to find people knowledgeable about operational auditing or process improvement, compared to 51 percent for compliance auditing.
In 2003 at RSA, we were already concerned about the evolutionary impact that SOX would have on the profession. To a huge degree, we were able to segregate our SOX work from our risk assessment and assurance activities, but we watched many of our colleagues in the local IIA and ISACA chapters giving their entire Audit Plan over to SOX work. We knew then, and it appears validated now, that the skill set needed to conduct pure Sarbanes-Oxley work is a much different one than is required to properly assess an organizations portfolio of operational, financial, and information technology risks.
Kudos to E&Y for getting this back into the discussion.
No comments:
Post a Comment