The current global economic crisis has placed extraordinary pressure on Internal Audit to reevaluate short and long term performance management objectives. As expected, risk and cost management objectives have risen in priority, in large part due to the worsening economic environment, while priorities such as SOX 404 testing have waned. Also, there is greater emphasis on technology tools (automated work-paper solutions and data mining), as well as, continuous controls monitoring CCM (with Business Intelligence initiatives).
Several new risks are rising this year. At a time when companies are carrying out major reductions in their workforces, employment laws are changing. Companies must carefully consider and manage their layoff and reduction-in-force activities with gender, age, and race discrimination concerns in mind. As well, many customers and suppliers are renegotiating contract terms with operative staff that are often bad equipped to know how to respond and actively trying to avoid legal department involvement.
A key objective for the planning is to minimize SOX efforts via controls rationalization process. Internal Audit have been generally moving away from SOX-related objectives since 2007 (although SOX remains a priority) I expect this year to transition control testing and SOX management to business process owners (it implies more application of Control Self Assessments). AS5 facilitated this objective because it is a more streamlined process.
As a general conclusion, internal audit is aiming to go beyond providing control assurance to providing more comprehensive risk management and reporting.