15 Virtual Brochure – March 2025 Focus of internal audit effort As in previous years, the ECIIA survey examined the extent to which CAEs think that internal audit effort is aligned with their most significant risk areas. For the top 10 strategic risks in the survey, table 2 below shows where CAEs expect to spend internal audit time in 2024-25. The pattern this shows is similar to previous years, with businesses choosing to focus their internal audit resources on cybersecurity and data security risks, as well as providing assurance on preparing to comply with changing EU laws and regulations and on business continuity planning. To complement this, we’ve analysed Uniac’s internal audit programmes for 2024-25 against the ECIIA risk areas. We were able to map 30% of our programme (based on days budgeted) to the ten ECIIA risk areas. The other 71% of our programme delivers compliance audits across financial controls and statutory reporting, and a broad portfolio of risk-based audits aligned to institutional risks across education, research, estates, and HE professional services. Our 2024-25 programme evidences a substantial increase in audit focus on cybersecurity and data security audits reflecting the challenging risk environment, as well as substantial growth in human capital. Many of these focus on employee wellbeing.
RkJQdWJsaXNoZXIy NTI5NzM=