Internal Audit (Russian Market)

2023: The number of auditors in Russia in 3 years decreased by 10%

In 2023, there were 750 fewer auditors compared to 2022, and in three years their number decreased by 2 thousand people. This became known on February 7, 2024.

According to experts interviewed by Kommersant, the number of new specialists who passed the final exam is not enough to cover the growing needs of the market. According to auditors, changes are needed in the procedure for examining auditors. In addition, experts note the difference in salary between the audience and the real sector, the rigidity of audit regulation, the growth of requirements, a large amount of manual work and the complexity of the certification exam.

Pexels

In recent years, the rate of withdrawal of auditors from the profession has been growing, while the slowdown in the pace in 2021 turned out to be local. According to SRO Sodruzhestvo, the total number of professional auditors as of February 2024 is about 15.5 thousand people. In three years, the number of auditors has decreased by 10%.

According to Sergey Kharitonov, managing partner of the Marillion group of companies, 80% of the departed auditors moved to the real sector and government agencies, 10% of specialists went to consulting or methodological work. The last 10% are retiring.

More than half of those who entered the exam process abandoned attempts to pass after the second or third failure. The remaining part of the people has been going to the auditor's certificate for more than three years, - says Mr. Kharitonov. - The high cost of the exam is also an important factor, the cost can reach 300 thousand rubles, adds Kharitonov.

Difficulties in the examination are supplemented by the fact that an auditor needs to have professional experience to pass it, and it cannot be officially obtained, since according to Russian law, audit procedures can only be carried out by certified auditors.^[1]

2021

Mishustin approved the creation of a single register of expert auditors

In November 2021, Prime Minister Mikhail Mishustin signed a decree approving the launch of a single register of expert auditors. He earned on March 1, 2022. Read more here.

The Central Bank is empowered to regulate audit activities

On June 16, 2021, the State Duma of the Russian Federation in the third, final reading adopted a bill empowering the Central Bank with the powers of a regulator of audit activities. The innovation, initiated by a group of deputies headed by the chairman of the financial market committee Anatoly Aksakov, will enter into force on July 1, 2021.

According to the bill, the Bank of Russia receives powers to regulate the scope of audit activities, including the adoption of regulations governing the activities of auditors. The Central Bank will exercise direct control and supervision over self-regulatory organizations (SROs) of auditors, as well as audit organizations that audit the accounting (financial) statements of socially significant organizations. The SRO of auditors fully retains the authority to externally control the quality of the work of their members. The auditors will have the right to recognize the planned inspection of the quality of the work of the audit organization, the information about which is entered in the register, carried out if in the corresponding period this audit organization was controlled by the Central Bank.

The State Duma gave the Central Bank the authority to regulate audit activities

Audit services to socially significant organizations will be entitled to be provided only by audit organizations, information about which is entered in the corresponding register of the Central Bank. Such organizations should be the main place of work of at least three (and from 2023 - at least five) auditors. 

Also, the Central Bank, in agreement with the FSB and the Federal Service for Technical and Export Control, will establish requirements for information protection for audit organizations, credit bureaus, credit rating agencies. The National Financial Council will assess the independence of audit organizations conducting a mandatory audit of the annual report of the Central Bank and the audit of financial statements of organizations with a Bank of Russia stake of more than 50%. Information on the assessment will be included in the annual report of the Central Bank.^[2]

2019: Study of the current state and trends of internal audit in Russia

IT Components: Trends, Human Resources, Automation

The Institute of Internal Auditors Association and Deloitte conducted a joint study of the current state and trends in the development of internal audit in Russia. As part of the study, about 100 heads of internal audit services in Russian companies of the non-financial sector from various industries were interviewed, the data obtained were compared with the results of the survey for 2017.

Within the framework of the study, the qualitative characteristics of internal audit units (including issues of accountability and independence, functions performed, performance assessments), issues of personnel management and resource support, operational activities, as well as the use of IT and data analysis tools in the work of internal audit units were considered.

Quality characteristics of internal audit departments

The study showed a number of important trends regarding IT in the development of the practice of internal audit of non-financial companies.

General Study Findings, IT Engagement, Staff IT Auditors

In the coming years, the business environment will require organizations to implement changes that affect, among other things, the need to modernize internal audit services.

The high pace of implementation of advanced technologies, business models, changes in the regulatory framework and relationships with third parties also affect the change in the role of internal audit. To meet the growing expectations of the business, internal audit services need to expand their role from providing only guarantees to providing consulting services, from a reactive approach to focusing on the future, from protecting assets to supporting value creation. At the same time, it is important for the internal audit not to lag behind the development of the organization as a whole, which necessitates the introduction of innovative solutions. But the results of the study showed that internal audit services do not always have the resources to change, explains Sergey Kudryashov, partner, head of internal audit practice, Deloitte

According to Alexei Sonin, director of the Institute of Internal Auditors Association, so that internal audit does not become perceived as an obstacle to progress, he simply must transform: this refers to a change in the functions of internal audit, approaches to planning and performing audit tasks used in auditing technologies, as well as the required knowledge and skills of internal auditors. At the same time, the study showed that the functions performed by the internal audit as a whole do not change much. This is a traditional assessment of the internal control system, monitoring the elimination of shortcomings and assisting management in improving the control system. Alexey Sonin notes that at the same time he draws attention to the fact that the consulting direction in the activities of the internal audit services ranked second in priority after assessing the effectiveness of the internal control system, although in previous studies this function was not at all in the top three priorities. Taking into account the requirements for digitalization and the need to switch to other information technologies, it seems somewhat strange that IT audits are a priority area only for every third internal audit service. Although in their plans for the future, about half of the respondents have already named this area as a priority.

22% of respondent companies among the main functional duties of the internal audit service note the assessment of the security of information systems. Also, the area of ​ ​ responsibility of the service includes IT audits and security assessment of information systems (IS) - in 2020 they are planned to be carried out by 47% and 29% of survey participants, respectively.

The emergence of the IE safety assessment in the list of functional responsibilities of the internal audit reflects the current trend. The report of the International Institute of Internal Auditors (IIA) OnRisk 2020, containing a list of the most significant risks that companies face and will face in the next 4 years, suggests that the top 5 includes risks related to cybersecurity, data protection and modern technologies. In order to bring value to the company, an internal audit must have the appropriate skills. In order to increase our competence in this area in 2019, we identified the information security audit in a separate direction within the service, explains Denis Ovsyannikov, Director of Internal Audit at Tele2

Traditionally, most often, when conducting IT and IS audits, companies attract external specialists. The results of the 2019 survey show a decrease in interest in attracting external experts compared to 2017. The share of companies attracting external specialists in the field of information systems decreased from 92% to 67%, which may be due to the growth of the number of IT auditors in the state. The share of respondents attracting specialists in highly specialized production issues (from 58% to 36%) and financial statements (from 29% to 6%) also decreased significantly.

In the internal audit service, only a quarter of organizations have an IT auditor, and in most cases it is only one employee. But there are industries, such as telecommunications, where there are entire IT audit departments.

Based on my experience, I can say with confidence that these specialists should be on the staff of the company and more than one employee is needed. IT audit specialists carry out audits in the following areas: assessment of the design and operational effectiveness of control procedures in the processes of managing information systems and information technologies, ensuring information security and cybersecurity, protecting personal data and intellectual property; Assessment of the efficiency of business continuity and sustainability management. The topics of the above audits relate to the confidential area, which confirms the desire to attract specialists to the staff,

Processes and technologies

More than half of respondents (57%) noted that they do not use specialized software for internal audit purposes. Every fourth internal audit service uses proprietary software, 25% of respondents use solutions from Russian and foreign suppliers.

Using Specialized Software

At the same time, 75% of respondent companies that do not use software for the internal audit service at the time of the survey do not plan to implement it in the next two years. According to Igor Kozhurov, Deputy Director of the Internal Audit Department of Aeroflot PJSC, the results of the study indicate an insufficient level of maturity of internal audit in the field of automation and digitalization:

Perhaps this is a consequence of a certain conservatism of the audit profession. Excel is still the main tool. Confirmation of the relevance of the issue is the results showing that the need to attract external specialists in the field of information systems comes first,

The internal audit must keep pace with the times, as failure to upgrade entails a decline in efficiency and a loss of management confidence. The use of IT tools will increase the value of the internal audit service in the eyes of management,

The internal control and audit Block of MTS PJSC analyzed the functionality of several data analysis tools and selected Qlik for implementation (10% of respondents use it) as having more advantages over other tools. This solution provides a complete cycle of ETL processing (Extract, Transform, Load) of data, its further visualization on the entire required data array and the ability to work without connecting to the corporate network.

Software used by the Internal Audit Service for data analysis

92% of internal audit managers noted that they use MS Excel as a tool for conducting data analysis. Specialized BI solutions, programming languages ​ ​ and scripts are evenly distributed by the number of answers. Among the "different" responses, participants listed Celonis' decision. Denis Ovsyannikov, Director of Internal Audit at TYeLYe2, is confident that MS Excel will remain the main auditor's tool for a long time, but notes that its capabilities are limited, primarily in terms of working with big data, so TYeLYe2 in its practice constantly expands the analytical tools and uses all these products (MS Excel, MS Access, MS SQL, Power BI, Qlik, Python, Tableau, Celonis и др.).

Current trends contribute to the automation of processes performed by the internal audit service. Sergey Petrov, Deputy Head of the Internal Audit Department of Unipro PJSC, clarifies that one of the tools for processing and storing auditor's work papers is Microsoft OneNote. In addition, various tools are used to automate the process of monitoring the implementation of audit recommendations (each company has its own developments). According to Veronika Semenova, head of the internal audit department of Unipro PJSC, in the future, it is planned to use one of the existing process mining tools, Celonis, to analyze the effectiveness of the business process using a large amount of data.

First of all, tools for analyzing data are used by internal audit services to form samples (82%), reconcile data (74%) and test when performing an audit (66%).

Prospects

According to Alexei Sonin, director of the Institute of Internal Auditors Association, the prospects for internal audit based on the results of the study look pretty good. 62% of the heads of internal audit services who participated in the survey believe that in 2020 the number of employees of the internal audit service will not change. 7% of respondents expect staff cuts of more than 10%. A quarter of survey participants split in half between a rise in numbers of more than 10% and less than 10%.

39% of the heads of internal audit services participating in the survey believe that in 2020 the budget of the internal audit service will not change. However, unlike expectations regarding the number of service employees, 40% of managers predict budget growth (20% of respondents believe that the budget in 2020 will increase by more than 10%). The most pessimistic expectations - that the budget will be reduced by more than 10% - are characteristic of only 7% of survey participants.

Some services have introduced flexible planning approaches, are actively mastering modern technologies, testing methods and continuous audit, but there are few such advanced services. Most services lack development resources and take conservative approaches. This is a moment to pay attention to, since without the resource to introduce innovations, services risk being left far behind the business and losing their significance and authority.

Information on Study Organizers

The Institute of Internal Auditors Association (IVA Association), registered in 2000, is a professional association of more than 4,000 internal auditors, internal controllers and employees of other control divisions of Russian companies and organizations. IVA has 12 regional centers: in Yekaterinburg, Kazan, Krasnodar, Krasnoyarsk, Nizhny Novgorod, Novosibirsk, Perm, Samara, St. Petersburg, Tyumen, Ufa and Khabarovsk.

Information on study participants

Deloitte & Touche. Deloitte is a professional services company. Deloitte's clients include more than 80% of the world's largest companies, as well as large national enterprises, government agencies, organizations that play an important role in the markets of individual countries, and fast-growing international companies. Deloitte's offices, located in more than 150 countries, employ more than 312 thousand professionals, including more than 3,700 employees in the CIS countries.

Information on study participants

The survey involved about 100 internal audit services of different sectors of the economy and different scale of activity (except for the financial sector). 36% of the companies participating in the survey are public joint stock companies.

Industries:

• Water supply; water disposal, organization of waste collection and disposal - 1%
• Public administration and military security; social security - 1%
• Administrative and Related Ancillary Services - 1%
• Health and social services - 2%
• Information Technology - 1%
• Culture, sports, leisure and entertainment - 2%
• Professional, scientific and technical activity - 3%
• Mining - 9%
• Supply of electric power, gas and steam - 10%
• Processing plants - 10%
• Provision of other types of services - 1%
• Construction - 7%
• Telecommunications - 5%
• Wholesale and retail trade - 7%
• Transportation and Storage - 6%
• Other - 33%

Revenue, RUB bln per year

• Less than 0.5 - 3%
• 0,5–1 – 2%
• 1–10 – 17%
• 10–250 – 47%
• 250–500 – 13%
• 500–1 000 – 12%
• More than 1,000 - 6%

Notes