I am going to talk about Bruce Carpenter, the Vice President of Internal Audit at Sybase.
Like others in Silicon Valley, Bruce was a respected internal audit leader at his company when he was asked to take on not only risk management but compliance as well. Now, we can argue whether those represented conflicts or not, but being the hero that Bruce is, he accepted the challenge.
Bruce and top management (he had the very active support of the CEO) decided that risk and compliance (he refers to it as GRC) needed to function "with the rhythm of the business." He saw it as not only protecting value but helping management drive performance.
With the help of consultants from Protiviti, Bruce led the implementation of technology solutions to enable his GRC program: solutions to manage access to the new SAP ERP, risk management, SOX, and compliance management.
Sybase not only felt that the implementation and the enhanced risk and compliance processes were successful, but that they helped the company drive significant improvements in revenue, profits, and share price.
The company has now been recognized by OCEG for its (and Bruce's) achievement: OCEG gave its flagship Principled Performance award to the company.
You can hear Bruce (and later, the CEO of Sybase) talk about this achievement in this video.
Who are your internal audit heroes?