Internal Audit’s Risk Strategy

Morgan O'Rourke


August 29, 2012

The connection between risk management and internal audit is becoming increasingly apparent, according to a survey of chief audit and C-suite executives by Ernst & Young. “The Future of Internal Audit Is Now,” reveals that 75% of respondents believe that risk management has a positive impact on the long-term earnings of an organization and that internal audit, in turn, has a positive impact on overall risk management efforts.

Nevertheless, 80% believe that the internal audit function has room for improvement, particularly as its priorities shift from compliance and financial controls to improving the risk assessment process, enhancing the ability to monitor emerging risks and reducing costs without compromising risk coverage. The survey suggests that in order to create value, internal auditors need to align their goals and strategies with those of the larger organization.

“Internal audit can use the organization’s overarching organizational strategy to identify the risks that matter most in the context of the organization’s risk appetite,” said Randall Miller, Ernst & Young advisory global risk leader. “Elements of the organizational strategy will vary by industry and are very specific to the business, but to remain relevant, internal audit needs to use risk assessments based on the organization’s strategic objectives.”

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)