Internal Audit is a Key ERM Component

In a recent webinar to the Institute of Internal Auditors, John A. Wheeler from Wheelhouse Advisors provided a view of the role that internal auditors should play in the development and sustainment of a company's Enterprise Risk Management ("ERM") program.  One of the main points from the webinar was that internal auditors must help management look forward to emerging risks rather than reacting to current loss events.  In the current environment, internal auditors are uniquely qualified to guide management in this direction.  A recent report on the state of the internal audit profession by PricewaterhouseCoopers confirms this view.  Here is what they had to say.

To provide the greatest value, internal audit departments, as well as a company’s risk management function, should strive to anticipate and monitor the risks that are truly relevant to the success of the business. As previously noted, the strategic and business risks that have recently lead to breathtakingly rapid drops in shareholder value have caught even the most sophisticated risk management functions by surprise. Now more than ever, companies need an objective evaluation of, and additional assurance over, their enterprise risk management functions. The forward-thinking internal audit leader will want to consider the following:

• Board members, shareholders, regulators, and rating agencies have questioned internal audit leaders about their risk management evaluation capabilities. Successful departments have the answers and play an important role in the company’s overall ERM process.

• In 2008, S&P began to formally review ERM programs and consider risk management capabilities in their credit-rating process, putting this topic on the table with boards, CEOs, CFOs, and treasurers. With risk at the center of company creditworthiness, internal audit leaders—given their knowledge of risks and controls—should be part of the solution.

• Many companies have established risk committees to lead enterprise risk management efforts. This sets up a new constituent that requires internal audit leadership attention.Internal audit will increasingly have a place at the table when it comes to identifying and managing risk within the organization. In broadening the scope of its activities beyond financial and compliance risks, internal audit can also demonstrate value by enhancing the organization’s enterprise risk management function. 

Internal audit should, therefore, align its efforts with the company’s changing risk profile, especially those strategic, operational, and IT risks that are integral to shareholder value. If properly aligned, internal audit leaders will be in a position to provide assurance over the risks that are most relevant to the company, as well as to provide assurance over the company’s ERM function itself.

Wheelhouse Advisors can help your internal audit group build a risk assessment framework and audit program to ensure your ERM efforts are solid.  Visit www.WheelhouseAdvisors.com to learn more.