|The IIA Research foundation published a white paper on the role of Internal Audit in Risk Management. |
The business world is becoming increasingly complex due to new, evolving, and emerging risks. Organizations are giving risk management more consideration, but implementing an effective risk management program takes time and discipline. Internal auditors are finding they can play important roles in risk management, but there are many roles that internal audit activities are either not ready to pursue or are not proactive in pursuing. This should serve as a call for action to internal audit activities in general and chief audit executives (CAEs) in particular. Specifically, CAEs have opportunities to:
This call for action may be challenging for many CAEs, but those with the right level of skills, experience, and confidence, and a sufficiently high position in the organization, will be able to carry out the actions described throughout this paper and truly add value to their organizations.
- Educate and train audit committees and management on risk and risk management concepts.
- Provide assurance on the core internal audit roles described in an IIA Position Paper titled The Role of Internal Auditing in Enterprise-wide Risk Management.
- Seek opportunities to perform more risk management consulting services in support of whoever is managing the risk management program, and formally communicate the results of those consulting services to the audit committee and management.
- Evaluate strategic risks; i.e., whether management has (1) comprehensively identified key strategic risks, (2) developed prudent risk management techniques to address those risks, and (3) established sufficient monitoring of strategic risk “signposts” to identify risk occurrences in time to take the appropriate actions.
- Devote the time, resources, and leadership to developing internal audit teams so that they have the right level of skills and experience related to risk management.
- Use third-party and other internal resources to supplement the risk management skills of the internal audit activity.
Download the report