Risk Management and Internal Auditing

Of late, ‘risk management’ has become a glamorous buzzword. Organizations across the world have started to focus on risk management. ‘Chief Risk Officers’ have become norm of the day in several corporations. ERM, Risk Dashboard, Risk Appetite, Risk Tolerance, Risk Matrix, Risk Strategy, Risk Model, Risk Framework, Risk Governance, Risk Maturity – whatever you name it — these have become part and parcel of C-Suite Executives’ vocabulary.

Despite the intense amount of research that has taken place over this concept of risk management, organizations never seem to be on the top of the game; they keep lagging behind; and we still keep seeing some mighty catastrophes happening around us. Few examples:

  • BP’s Deepwater Oil rig explosion in Gulf of Mexico in 2010
  • Failures of risk management (particularly) in the financial services sector in the 2000s which became a major contributor to the global economic crisis of 2007-2008
  • Massive accounting scandals and scams of early 2000s

In spite of all the well intentioned efforts, resources, and time spent by the organizations to manage risk effectively and efficiently, we continue hearing the news of frauds, corruptions, bankruptcies, losses, man-made disasters, etc on a daily basis. So in this game of risk management, as internal auditors, where do we fit in? After all, is it necessary for us to chime in? Do we have any role to play? These are questions that keep pondering my mind.

True, risk universe for any organization may be far bigger than the audit universe; and it may be a mammoth task for internal auditors to provide assurance on risk management. But, before we move on, I wish to present some of the interesting quips on risk management:

  • “Extensive behavioral and organizational research has shown that individuals have strong cognitive biases that discourage them from thinking about and discussing risk until it’s too late.” ~ Harvard Business Review, June 2012
  • “Risk mitigation is painful, not a natural act for humans to perform.” ~ Gentry Lee, Chief Systems  Engineer at Jet Propulsion Lab, division of US National Aeronautics and Space Administration
  • “Risk management is non-intuitive. It runs counter to many individual and organizational biases. Risk management focuses on the negative – threats and failures rather than opportunities and successes.” ~ Robert S. Kaplan, Baker Foundation Professor at HBS and Anette Mikes, Assistant Professor at HBS

Thus, it is not difficult to understand that providing assurance on risk management by internal audit function is easier said than done. It’s not going to be a cakewalk either. It essentially requires moving out of our comfort zones and delving into enlarged and unexplored territories. Who knows? In the years to come, assurance over risk management could become a key imperative for internal audit profession as such.

Realizing the need and importance of the hour, the Institute of Internal Auditors (regulator of the internal audit profession worldwide) with much conviction has launched the Certification in Risk Management Assurance (CRMA) currently. This certification is aimed at developing internal auditors with proficiency in providing assurance on risk management effectiveness.

Okay, I believe it’s time to get ‘brisk’ on ‘risk’!!!

Question: Do you agree with me? Do you think providing assurance on risk management effectiveness is internal auditors’ cup of tea? Please share them by leaving a comment to this post. I welcome your thoughts.


0 Responses to “Risk Management and Internal Auditing”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


October 2012
« Sep   Nov »



Online Accounting Degree blog feature

%d bloggers like this: