Press Release


STAMFORD Conn., March 24, 2021

Gartner Says Internal Audit Is at Risk of Being Overstretched in 2021

As Well As Reducing Budgets, The COVID-19 Pandemic Has Heightened Organizational Risks and the Need for Audit Oversight

A September 2020 study of 299 Internal Audit organizations showed that the function faced both declining budgets and a significantly expanded workload in 2020, according to Gartner, Inc.

“For many heads of audit, it’s not clear where the extra capacity is going to come from,” said Margaret Moore Porter, managing vice president in the Gartner Audit practice. “It’s clear the pandemic has created and heightened risks that need audit oversight, but there is a real danger of the function being overwhelmed unless leaders can find ways to increase capacity without increasing budgets.”

Information security and information technology risks were the two areas where a majority of audit functions planned to spend more time. Yet there is a long tail of risk areas demanding more attention and not many that will require significantly fewer hours (see Figure 1).

Figure 1. Changes to Internal Audit Execution Hours in 2020, by Risk Area

“At the moment this is very far from being a balanced equation,” said Ms. Porter. “The obvious implication, if the picture doesn’t become more balanced, is that audit leaders will have to make tough coverage trade-off decisions.”

Internal audit function budgets enjoyed a period of growth of approximately 5% per year in the period between 2017-2019. In 2020 that figure came in as a 1.5% decrease, and Gartner predicts it to be flat in 2021. Headcount also remained flat in 2020, and this is expected to continue in 2021.

“It doesn’t look like there will be a way to buy more capacity for most internal audit functions in 2021,” said Ms. Porter. “Leaders will have to be creative and find ways to get more out of the resources they have.”

Sixty-six percent of audit departments are in active discussions with other risk and control groups in their organizations on how they can better share resources, notably support for risk assessment and data analytics.

Many audit departments are looking to better align and rely on risk coverage from the second line to reduce duplication and improve efficiency. Given regulatory scrutiny, that approach is less prevalent in financial services (FS) and banking audit departments, where 47% do not rely on the second line to provide assurance compared to 35% in non-FS and banking. 

Gartner clients can learn more in 2020 State of the Internal Audit Function.

Non clients can also learn more in the complimentary webinar Audit at the Speed of Business – Strategies for Scaling Assurance in a High-Risk, High-Change Environment.

About the Gartner Audit & Risk Practice
The Gartner Audit & Risk practice equips Audit & Risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available at


About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit