The Pulse of Internal Audit report is a primary data source for leaders in internal audit. It offers valuable information on various topics such as internal audit budgets, staff, audit plans, risks, and more important topics. The 2023 edition includes timely data on audit frequency for critical risk areas. The report serves as a benchmarking tool to internal audit leaders to plan and oversee their internal audit activities.
The survey’s main findings are the following:
Section 1: Budget
- Internal audit budgets have returned to pre-COVID levels for percentages of those with increases vs. decreases.
- About 40% said they had budget increases in the past year.
- About 60% said they have budget sufficiency.
- Long-term trend shows about 50% of budgets stay about the same year-over-yearduring normal economic conditions.
Section 2: Staff
- Internal audit staff growth is increasing but has not returned to pre-COVID levels yet.
- The biggest challenge when hiring talent is compensation expectations.
- Remote work is decreasing but still common.
Section 3: Audit Plans
- Cybersecurity and IT efforts made up 19% of respondents’ audit plans.
- Almost 70% of functions review high risk areas, such as cybersecurity and IT, at least annually.
- More than 80% of auditors integrate fraud and IT considerations into their audits routinely.
- Almost half of CAEs say they are responsible for fraud investigations.
- At publicly traded organizations, 67% of CAEs have responsibility for the Sarbanes-Oxley program.
Section 4: Risk Levels
- Third-party relationships is the third highest risk area (after cybersecurity and IT).
- Audit frequency for third-party relationships is relatively low compared to risk level.
- More than 60% of respondents at publicly traded organizations considered sustainability/non-financial reporting risk levels to be moderate, high, or very high.
- Cost/expense reduction has a much higher risk level for nonprofit organizations than other sectors.
Section 5: Leadership Metrics
- Administrative and functional reporting lines differ significantly by sector.
- 94% say their organizations have an audit committee, board, or equivalent.
- However, only about 70% at public sector and privately held organizations say they report functionally to an audit committee, board, or equivalent.
- For administrative reporting in the public sector and financial services, the most common line is to the CEO, president, or agency head.
- However, at 72% of publicly traded organizations and 60% of privately held organizations, the administrative reporting line goes to the chief financial officer (CFO) or similar role.
Both members and non-members can find out more about the report on the IIA website here.