Uniac - February 2024

31 Virtual Brochure – February 2024 Focus of internal audit effort As in previous years, the ECIIA survey examined the extent to which CAEs think that internal audit effort is aligned with their most significant risk areas. This is shown in table 2, overleaf. As in 2023, there is strong alignment between risk level and estimated audit effort in relation to cybersecurity risks, with notably less internal audit effort focused on human capital and on risks arising from macroeconomic and geopolitical uncertainty. Overall, the pattern of effort is largely unchanged. While internal audit is only one means of providing assurance around the effectiveness of internal controls, this assessment provides a prompt to consider whether there is too little or too much resource expended across different elements of the risk portfolio. To complement this, we analysed the 2023-24 Uniac programmes, categorising each of our scheduled audits against the ECIIA risk areas. We were able to map 27% of our programme (based on days budgeted) to the ten ECIIA risk areas, compared to 23% last year. The other 73% of our programme delivers compliance audits across financial controls and statutory reporting, and a broad portfolio of risk-based audits aligned to institutional risks across education, research, estates, and support service activities. In line with the wider business audit environment, Uniac effort is particularly concentrated around cyber and data security, alongside risks from digital disruption and new technology. This reflects the extent of investment in people, processes and technology across the HE sector in response to growing cybersecurity threats, and also the scale of investment in digital transformation projects. We would also highlight the small but significant growth in demand, for assurance around responses to environmental sustainability risks. We hope these findings are useful in informing institutional conversations about where future internal audit effort is best directed; for example to provide additional assurance around staffing risks, macro-economic risks, and changes in markets and consumer behaviour.

RkJQdWJsaXNoZXIy NTI5NzM=