Corporate Finance, DeFi, Blockchain, Web3 News
Corporate Finance, DeFi, Blockchain News

Internal audit risk

Internal audit may be quick to point out the errors and deficiencies of others. They may – and should – assess whether the organization as a whole and each individual department is effectively managing risks to the achievement of their objectives.

Norman Marks
Norman Marks
But, does internal audit ever consider risks to the achievement of its own objectives?

They should. Whether independently or with the assistance of a corporate risk management function, internal audit should practice what they preach.

For example, the internal audit team should assess these sources of risk:

- Failing to understand, in a timely fashion, a significant business risk and as a result leaving it off the audit plan
- Failing to fully appreciate business needs and recommending change that does not address the real business issue
- Recommending change that addresses only the symptoms of a problem instead of its root cause
- Failing to obtain full value from the audit staff, whether from a lack of training or motivation
- Failing to be heard by management. Again, the causes of this may be many, including an inability to communicate, not demonstrating value that is appreciated by management, acting in a way that disrupts the business, and more
- Performing work that doesn’t really matter
- Inefficiency
- Reporting that is untimely
- An inability to effect change, with recommendations not being implemented. Reasons could include not being persuasive or failing to make the right recommendation
- An inability to recruit the talent needed to be successful
- Insufficient resources
- Poor relationships with the audit committee and/or executive management

It is time to walk the talk. Do you agree?

Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.

Lundi 4 Février 2013