The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

The Protiviti View

Insights From Our Experts on Trends, Risks and Opportunities
Search

POST

2 mins to read

Prioritizing Risks and Demonstrating Strategic Risk Savvy

Views
Larger Font
2 minutes to read
May is International Internal Audit Awareness Month. We are Internal Audit Awareness Month logocelebrating with a series of blog posts focused on internal audit topics and the daily challenges and future of the internal audit profession.

 

 

In my last post, I argued that internal auditors should go beyond assurance to serve as strategic advisers to executive management and directors.

This begs the question: Which risks do we focus on? CBOK survey respondents were adamant that they want to see internal audit more directly involved in advising on strategic risks – more than half said so. What they didn’t say is that they want internal auditors to take their eyes off the operational, financial and compliance risks. It’s just that strategic risks are the focus of both senior management and the board, and so it makes sense that, as the internal audit function aligns with the needs of these key constituents, it includes strategic risks in its line of sight.

Traditionally, auditors have done a good job analyzing financial risks. Recent years have seen the move into operational and compliance risk assurance as well. Compliance is a very hot topic with serious reputational underpinnings, so, unsurprisingly, there is a resounding affirmative that we need to continue to respond to that. Where there’s room for growth is in the strategic risk arena: If a company is going through a large ERP implementation, for example, the internal audit function can best add value and demonstrate its understanding of strategic risks by serving in a proactive consultative capacity to the project planning committee.

Not only are stakeholders expecting internal auditors to weigh in on a broader variety of risks, but they are increasingly looking for more timely and, sometimes, even real-time feedback. Audit plans need to be dynamic and audit processes agile enough to adapt on the fly to changes in the risk landscape.

That means that audit tools need to be equally agile. We’re seeing an increased demand for data analytics. A lot of great tools have come out in recent years that enable auditors to mine and report on entire data sets, instead of testing limited samples.

Internal audit’s role in identifying and analyzing risk has become a corporate imperative, even at companies with a separate risk management infrastructure, such as a chief risk officer or chief privacy officer. The difference between these “chiefs” and the chief audit executive (CAE) is that, in most organizations, the CAE reports to the board but also has more frequent face time with directors. This underscores how critical it is for the internal audit function to demonstrate an understanding of strategic risk and be an engaged, familiar face around the company, particularly with its leaders.

So how do we do that? We knock on executives’ doors, ask questions about the company’s direction, inquire about new markets and products, stay curious and informed, and connect the information received from different sources so that executives trust our “big picture” acumen and intuition and engage in this conversation with us. This, in turn, gets us invited more often to the table.

Relationships are key, and I will pick up the topic in my next post. You can access our April 6 webinar here.

Was this post helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Find a similar post by topics

Authors

Brian Christensen

By Brian Christensen

Verified Expert at Protiviti

EXPERTISE

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

While the return-to-office decision is often framed in a straightforward manner — we believe collaboration, productivity and innovation flourish more...

Article

What is it about

The top priority for healthcare internal auditors this year is cybersecurity, according to a survey by Protiviti and the Association...

Article

What is it about

What to watch: President-elect Donald Trump will take office in January 2025 with Republican control of both the Senate and...

Search