Making the case for internal audit outsourcing

Managing your risk and regulatory requirements

Today’s business stakeholders, including boards, shareholders, lenders, etc.…are increasingly expecting the internal audit function to actively help mitigate risk. As middle market organizations become more and more complex, so too become their business processes and systems.

During this podcast, Rob Frattasio will discuss how organizations are challenged to meet compliance requirements in this complicated and complex landscape, where resources with the right skills, talent and experience are hard to come by. He will address how internal audit outsourcing is a viable option in today’s business environment.

How have expectations changed for the internal audit function and what does that mean for middle market companies?

Frattasio: Stakeholders are expecting more value from an internal audit function. And they’re expecting that internal audit function to be able to add value across all sorts of aspects of the business: operations, financial processes, information technology (IT), regulatory issues and cybersecurity.

I think this trend will continue. Middle market companies are struggling to find and keep good people in their internal audit functions. They’re increasingly complex organizations. They’re expanding into new markets and geographies. They’re adopting complex business processes and systems as a result. The regulatory environment continues to increase in complexity across the globe, not just here in the United States. The demand is high for good, quality internal auditors and the competition is really fierce for them.

Given those enhanced expectations, what should a company look for in an internal audit partner? Why should they outsource over building an in-house team?

Frattasio: Companies should be getting true value out of their internal audit function, and that goes beyond just full-time internal audit of testing controls. The right partner should be teaming up with senior management, whether it’s helping with the mergers and acquisition strategy and helping with due diligence or integration of new acquisitions. They should be keeping up with changes in the IT environment, whether it’s cybersecurity or new applications and infrastructure.

By outsourcing, a company is able to tap into the collective set of knowledge and experience of a whole firm versus an individual or small set of individuals, so they’re able to tap into the various expertise and specialties an outsourcing firm has. They are able to get insights into what’s happening at other companies and what their competition is doing.

Oftentimes, an outsourced function is more efficient and cost effective, so a provider uses their time more efficiently. A good provider comes in, does its work, adds lots of value and goes. That eliminates the downtime that an in-sourced function would have.

“Middle market companies are struggling to find and keep good people in their internal audit functions. The demand is high for quality and the competition is really fierce.”

What’s an example of a particularly successful partnership for an internal audit function?

Frattasio: I’ve got one multinational, publicly traded client that had a small in-house internal audit function. They decided a couple of years ago to try to co-source to bring the internal audit function to the next level. They were a very acquisitive company, growing overseas and implementing new systems.

We co-sourced in that first year, and the company was so happy with the results that they decided to outsource even further. So they cut their in-house function in half. Going into that second year, we continued to add more value, and they saw that through our ability to bring a breadth of resources here domestically in terms of IT risk professionals, tax professionals, and IT security and privacy professionals. They also could access our offices overseas in places like China and Germany and the Netherlands.

Going into our third year, they decided to fully outsource to us. Not only have they accessed our extensive knowledge across the globe, but they’ve also reduced their costs. They’ve found that the total internal audit spend with us has dropped by 25 percent versus where it was with an in-house function. So it’s a double win. They have access to more experienced professionals at a lower cost.

RSM contributors

  • Robert Frattasio

Contact our risk, fraud and cybersecurity professionals

Complete this form and an RSM representative will be in touch shortly.