Risk Management and Internal Audit

RIMS and The IIA agree that how risks are assessed and managed can materially affect how an organization is positioned to achieve its objectives. Historically, the risk management and internal audit disciplines have approached risk considerations from their respective independent viewpoints.

At times, this disconnected approach has created confusion at best and conflict at worst. The IIA and RIMS believe that collaboration between the risk-related disciplines of internal audit and risk management can lead to stronger risk practices in meeting stakeholder expectations. The two functions make a powerful team when they collaborate and leverage one another’s resources, skill sets and experiences to build robust risk capabilities across their organizations.

Leading organizations have discovered efficiencies, better decision-making and improved results by forming strong alliances between the risk management and internal audit functions. In highlighting four case studies, this joint report identified four fairly common practices, although each organization approached them in different ways:

? Link the audit plan and the enterprise risk assessment, and share other work products

? Share available resources wherever and whenever possible

? Cross-leverage each function’s respective competencies, roles and responsibilities

? Assess and monitor strategic risks More importantly, from the descriptions provided, the authors recognized certain value that the organizations gained from the collaborative activity:

? Assurance that critical risks are being identified effectively

? Efficient use of scarce resources, such as financial, staff and time

? Communication depth and consistency, especially at the board and management levels

? Deeper understanding and focused action on the most significant risks