New Normal in Internal Audit Function - Oman Pulse of Internal Audit Survey 2022

Internal audit, as the third line of defense, plays a critical role in providing assurance and related value-added services to an organization within the ambit of corporate governance. As Oman’s governance landscape is evolving, the IA fraternity is ever more cognizant of its role by contributing positively to the growth and sustainability of their organizations.

Against the backdrop of these developments, IIA Oman and Protiviti conducted the Chief Audit Executive (CAE)-focused Pulse Survey to gain insights into the various aspects of IA. The survey targeted IA professionals and Audit Committee members from both public and private sectors and was conducted towards latter half of 2021. It provides a comprehensive view of various organizations in terms of practices adopted by the IA function with respect to audit innovation, transformation, risk management abilities among others.

Key Takeaways:

  • As a result of innovation and transformation of IA functions, 38% of survey respondents mentioned that they fully achieved the IA plan which is a significant increase from the 18% seen in the 2020 survey.
  • Globally, COVID-19 has forced 3 out of 10 IA functions to make cuts to their budgets. In Oman, this ratio is 10% of budget cuts, per 47% of the survey respondents.
  • 28% of the respondents reported that the Audit Committee is not pursuing innovation and transformation initiatives, which is marginally lower than the 29% reported in the 2020 survey.
  • The survey revealed that 6% of organizations report to the CEO or the CFO, which could impair the independence of the IA function and may jeopardize objectivity.
  • The survey highlighted potentially one key area of concern where 39% of the respondents indicated that the IA function in their organization does not have an IT Auditor.
  • While some IA functions adopted next-gen audit techniques like agile auditing or dynamic risk assessment, others re-evaluated the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) program within the organization or participated in crisis management.

For more in-depth information, read our full report.