Why Risk Management Should Collaborate With Internal Audit

Risk management and internal audit should work together. That’s according to a joint report between RIMS and the Institue of Internal Auditors released last week. “The two disciplines are more effective working together than separately, especially when there is a common understanding of each other’s roles,” said Carol Fox, director of RIMS’ strategic and enterprise risk practice. She noted that internal audit’s role helps inform top executives about the companies’ strategic risks while risk management function helps leadership use the proper techniques and methods to assess all the possible outcomes of different strategic paths.

In short, internal audit sees everything that is going on within a company. And risk management can take that knowledge and ensure that all contingencies can be properly understood.

During a panel session at RIMS 2012 Conference & Exhibition on enhancing the value of risk management, Diane Askwyth a risk manager at Harrah’s Entertainment, echoed these sentiments and expanded on how risk managers can partner with their colleagues in internal audit. “You have to look at internal audit as another pair of eyes for you,” said Askwyth. “It’s a very powerful resource if you can get that in your corner.”

In fact, more than just serving as an additional resource, that partnership can greatly enhance your standing in a company. Because if risk management isn’t using the knowledge that audit has, audit will be. And that will mean that the risk management department’s standing will be lowered by comparison.

“The group that knows the most about what’s going on in the entire organization on a very granular level is internal audit,” said Askwyth. “And from that perspective, they have a big advantage over us. So they can either be your enemy or they can be your best friend. It’s your job to make them your best friend — or else they’ll slit your throat.”

Kristina Narvaez of ERM Strategies, LLC  has some advice. She says there are three “Cs” that should govern risk management’s relationship with internal audit. “You can complement and collaborate but you don’t compete against each other,” she said.

Similar Posts:

One thought on “Why Risk Management Should Collaborate With Internal Audit

  1. Internal Audit has an additional advantage over Corporate Risk Management: auditors travel more frequently, particularly to international locations. During the audit process, they are able to check corporate standards against local business nuances. A risk manager has to do that via phone or email. Working with Internal Audit is therefore extremely important and cooperation should be reinforced, e.g. by organizing joint visits to local operations.


Leave a Reply

Your email address will not be published. Required fields are marked *