Rising reliance on internal auditors spooks regulators and industry

by Marcus Liu - Business Editor
0 comments

Regulators Wary as Banks Lean on Internal Auditors

U.S. Bank regulators are expressing concern over the increasing reliance on internal auditors as supervisory remits narrow and agency headcounts shrink. This shift raises questions about the independence of audits and the potential for increased pressure on audit teams from business units within the banks themselves.

The Shrinking Supervisory Landscape

The three U.S. Prudential agencies – the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) – are reducing their supervisory scope and staffing levels. Regulators are increasingly looking to internal audit functions to provide assurance on risk management and compliance. Risk.net reported on this trend on March 23, 2026.

Concerns About Independence

Whereas internal audit functions are expected to operate independently, regulators and risk professionals worry that this independence may be compromised when banks rely heavily on them for supervisory oversight. The inherent challenge lies in the fact that internal auditors are employees of the bank, potentially creating conflicts of interest. As Risk.net highlights, “Everyone pays lip service to audits being independent, but the reality is that anytime audit has findings…” there can be pressure to mitigate those findings in a way that favors the business units.

Expanding Audit Responsibilities

The role of internal audit is evolving beyond traditional compliance checks. According to Diligent, internal audit is increasingly involved in enterprise risk management, providing objective assessments of risk identification, assessment, and mitigation strategies. In fact, nearly one-third of Chief Audit Executives (CAEs) now have direct responsibility for enterprise risk management, a significant increase from 24% nine years prior. This expansion of responsibilities, while valuable, further intensifies the need for robust independence and objectivity.

Focus Areas for Internal Audit in Financial Services

Financial services organizations face a complex risk landscape. Crowe specialists identify several key risk areas for internal audit, including:

  • Financial reporting accuracy
  • Regulatory compliance
  • Cybersecurity threats
  • Fraud prevention
  • Operational resilience

The Importance of a Strong Audit Function

A robust and independent internal audit function is crucial for maintaining the stability and integrity of the financial system. Internal audit helps financial firms manage uncertainty, as noted by The Institute of Internal Auditors. Strengthening cybersecurity governance, improving oversight, and clarifying ownership of risk management are all areas where internal audit can play a vital role.

Looking Ahead

As regulatory scrutiny and risk complexity continue to rise, the relationship between bank supervisors and internal audit functions will remain a critical area of focus. Maintaining the independence and objectivity of internal audit is paramount to ensuring effective risk management and protecting the financial system. The industry will need to address the challenges posed by shrinking regulatory resources and evolving risk landscapes to ensure that internal audit can continue to provide reliable assurance.

Related Posts

Leave a Comment