​​Why Internal Audit Must Assess and Provide Assurance Over the Management of Risk

Comments Views

​​It is heartening to see more and more organizations requiring their internal audit departments to assess and provide an opinion on the effectiveness of risk management — or, using my preferred language, the management of risk by the organization.

I did a short video with Richard Chambers, President and CEO of Global IIA, on this topic. This was after I had posted a "tweet" saying that internal audit leaders who failed to provide assurance on risk management "deserved a seat at the children's table." While most laughed and agreed, this did draw some criticism from other internal audit leaders.​

As I explain in the video, internal audit needs to focus on the risks that matter to the organization if they are to be relevant. Often, the greatest risk is that the organization's leaders are not aware of the risks between them and their objectives.

Do you agree with my observation?

Do you agree also that not having expertise in risk management is no excuse: that expertise must be obtained, even if requires going to an external source, i.e., co-sourcing?

You might be interested in other short videos on the value of internal audit performing SOX testing and internal audit's role in organizational governance. Do you agree with my comments?

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • IIA Quality_July 2020_Blog 1
  • IIA Online Testing_July 2020_Blog 2
  • IIA Training_July 2020_Blog 3