Carpe Diem

PricewaterhouseCoopers' latest study is a call to arms for number-crunchers. "Internal audit must seize opportunities to enhance its relevancy," reads the tagline for its annual "State of the Internal Audit Profession" study. The industry has been repeating this mantra since the Enrons and WorldComs of the world helped usher in Sarbanes-Oxley, but as risk managers try to achieve this goal, there is increasing evidence that audit and risk management's missions are aligned. When it comes to governance, 65% of auditors surveyed now support board-level committees with assessments for key enterprise risks while 58% report on risk management effectiveness and 43% are in the discussion about emerging risks. Just because more auditors are talking to the board about risk issues, however, does not necessarily mean they are effecting change. "Is internal audit helping to assess key enterprise risk or not?" asks the study. "The answer probably lies somewhere in the middle...What is clear, though, is an expectation for better clarity and context for risk assessment to bring a strategic focus to the effort." Since the board likely does not care whether this strategic risk focus  comes from audit or risk management, it may be time, then, for risk managers to do some opportunity seizing of their own.