Internal Auditors Not Giving Enough Risk Insights

CFOs and audit committee chairs are not getting enough insights into corporate risk management from their companies internal audit function, according to a new survey.

Click on the following link for the article:

Dave Tate, Esq. comment. The results of this survey really shouldn’t be surprising. There isn’t even agreement on what risk management is or a recommended process.

Risk management is a collaborative effort. If I’m on a board risk committee or on audit committee that has been delegated initial risk management oversight, yes, I’m going to request and expect executive management and internal audit to not only provide comments and evaluations about risk management, and also about the processes that are being used, and that should be updated and used.

However, as a risk or audit committee member, I’m also going to provide my comments about what I need to see and receive in that regard so that I am comfortable that what I am receiving allows me to perform my oversight responsibilities. Okay, so if internal audit isn’t giving enough risk insight as the article indicates, why is that, and what must be done to correct that dynamic? Those are questions that the risk or audit committee members must ask and act upon to satisfy their responsibilities as required by the business judgment rule, statutes, regulations, rules and the committee charter.