Thanks to Lexis Nexis for making my most recent article available from the current issue of Risk Management Today to my clients and readers.

The article reviews the latest benchmarking study from IIA and Protiviti of 160 heads of internal audit from around Australia and draws out three key themes of interest to those charged with oversight of internal audit and risk management.

Key points

• It is now the norm for internal audit to be independent from management. If you are not in line with the IIA’s Policy Agenda, you may be an outlier.  Given that these are simple mechanical mechanisms, we recommend benchmarking your function against these areas and taking action accordingly.
• Internal audit still struggles to demonstrate compliance with professional standards.  Given that these matters are relatively straight forward, organisations should insist that their internal audit functions and outsourced providers comply with the IIA’s International Professional Practices Framework.
• Quite rightly, strategic risk has entered the top 5 priorities for heads of internal audit, however the reality is that capabilities in this area are embryonic at best. Organisations should assess whether have this capability in-house, and if not take steps to develop it, or periodically engage professional assistance to fill this gap. The first step is to understand what strategic risk is, and this article takes some initial steps towards defining this.

Please feel free to download the article and pass it on. (Download, pdf, 3 pages, 113kB)

For more information on this publication can be found here.

Todd

Related links

Strategic risk and emerging risk capability assessment

The good folks at Lexis-Nexis have been kind enough to invite me to be on the editorial panel of their new magazine Risk Management Today, and to have the lead article in the inaugural edition.  They’ve also been kind enough to make this article available free of charge to my clients and readers for a limited time.

The article aims to get beyond the literature and standards, and give insights on some of the key things to look for when assessing the adequacy of an organisation’s risk framework.  It is pitched at those who are not necessarily experts in risk management per se, but rely heavily on an organisation’s risk management framework.

Key points

• Despite organisations making significant investments in risk management, they still fall short in dealing with disruptive change.
• Regulatory changes seem unlikely to get to the heart of what really matters in avoiding significant destruction of shareholder value in the future.
• Seven key areas of risk management areas are discussed that investors, boards and the C-suite should be looking for.

Please feel free to download the article and pass it on.

Download the article (pdf, 3 pages, 86kB)

Also this publication is shaping up to be a very good one, and I’d encourage you to have download the inaugural issue and have a look (free download for a limited time).

Todd