IIA GAIN Report on Top Ten Risk Management Imperatives for Internal Audit
November 4, 2009 at 4:05 pm
The Institute of Internal Auditors (IIA) published a report on the 10 Risk Management Imperatives for Internal Auditing.
The timely and insightful report, based on a recent IIA Global Audit Information Network (GAIN) survey, highlights the evolving role of the Internal Audit profession in light of heightened expectations of their organizations and their key stakeholders. The IIA GAIN report provides a useful guide for Chief Audit Executives to proactively transform their internal audit functions to meet these expectations and deliver increasing value.
The report emphasizes how today’s business environment is characterized by mounting pressures for stronger, more effective risk management. It also states that there is a sharp focus on risk oversight, considered by many observers to be the top governance issue facing corporate boards in a post-meltdown world, as audit committees push for holistic risk management, stepped-up risk mitigation, and enterprise-wide risk assessments.
The cornerstone of the increased focus on risk management is the need to rebuild trust in our corporate society. Since the economic crises, many companies have gone into intense soul-searching mode to identify what went wrong, what they could have done differently and, more importantly, what they can improve in the future. Companies are trying to better balance risks and rewards and are taking a hard look at their compensation practices and their corporate governance and oversight functions. In addition, Standard & Poor’s assessment of the Enterprise Risk Management function of companies is expected to bring greater scrutiny to companies’ risk management and oversight functions.
Many internal audit groups are stepping up to the plate and taking on the role of integrating various governance, risk and compliance initiatives, including SOX 404, Information Technology, financial reporting and compliance, to provide deeper visibility to senior management and the Board on key risk indicators and the organization’s performance metrics in those areas.
It’s important to focus on the key strategic risks that can “put a company out of business” as well as reputational risks that can lead to negative public, investor and regulator perceptions. Risk Management groups must look beyond past events as a guide and focus on an aggregated picture of “what could go wrong” across the enterprise. Leading companies now use scenario planning and leading indicator analysis to identify potential risks and opportunities and the likelihood and impact of such events on the organization’s business goals.
Studies have shown that companies with robust risk management and governance are perceived as quality organizations and attract greater valuations over the long term than companies that are not so perceived. Therefore, effective risk management should permeate the entire organization and involve a collaborative effort, with senior management in a risk management implementation and ownership role, Internal Audit as a value-added independent assessment function, and the Board in an oversight and monitoring role.