Why Internal Audit Must Assess and Provide Assurance Over the Management of Risk
Norman Marks, CRMA, CPA, was a chief audit executive and chief risk officer at major global corporations for more than 20 years. The views expressed in this blog are his personal views and may not represent those of The IIA.
It is heartening to see more and more organizations requiring their internal audit departments to assess and provide an opinion on the effectiveness of risk management — or, using my preferred language, the management of risk by the organization.
I did a short video with Richard Chambers, President and CEO of Global IIA, on this topic. This was after I had posted a "tweet" saying that internal audit leaders who failed to provide assurance on risk management “deserved a seat at the children’s table.” While most laughed and agreed, this did draw some criticism from other internal audit leaders.
As I explain in the video, internal audit needs to focus on the risks that matter to the organization if they are to be relevant. Often, the greatest risk is that the organization’s leaders are not aware of the risks between them and their objectives.
Do you agree with my observation?
Do you agree also that not having expertise in risk management is no excuse: that expertise must be obtained, even if requires going to an external source, i.e., co-sourcing.
You might be interested in other short videos on the value of internal audit performing SOX testing and internal audit’s role in organizational governance. Do you agree with my comments?
Posted on Oct 17, 2013 by Norman Marks
Share This Article: