Are You Meeting Your Stakeholders' Expectations?
Chief Audit Executives (CAEs) seeking to meet and exceed stakeholder expectations will implement high performance internal audit programs. The Internal Audit's (IA) role is to provide assurance to the board and executive management.
Risk appetite and tolerances need to be correctly defined; risk mitigation strategies and internal control systems need to function as intended.
The Internal Audit role needs to re-invent itself and find the proper balance between the independent assurance role and the advisory role. In order for audit to fulfill its independent assurance role, audit needs to take an advisory role in broader risk management and compliance programs. This needs to happen without losing independence.
Advise on a common risk language, risk reporting structures, risk taxonomy structures and more are all vital to the success of audit and the programs in the other lines of defense.
Gone are some of the day to day compliance restraints, thanks in part to Sarbanes-Oxley and its spin-off. Now we are in the days of true advisory services. This atmosphere has prompted an important shift in the role of IA. New demands from government regulators, boards and senior management are requiring IA to move beyond comfortable boundaries and take their seat at the table.
As regulatory compliance responsibilities have shifted, precision, transparency, and consolidation of governance, risk and compliance issues have become critical. IA's mandate to all areas of business, personnel, and resources uniquely position it to enhance and expand its contribution to these enhancements. IA has therefore taken on a prominent role as businesses recognize the value of its central positioning within their organizations and its contribution to maintenance and assurance.
One of the key notes is by Paul Grainger on building a GRC program and processes to add value to the Organisation and the bottom line.
The financial uncertainty has forced companies to involve its Governance, Risk and Compliance Officers more responsibly to provide solutions to the new challenges with increased demands for far-sighted results due to their specific skills to oversee Governance Risk and Compliance processes. The GRC officers are also playing a role in identifying the company's growth pattern and have a greater say in which direction it should go to avoid major pitfalls.
Starting a Program to Build a Risk and Compliance Organization
- Provide input to strategy, analysis, coaching and growth
- Ensure timely information and good GRC management
- Deliver strong economic GRC analyzes on key business units
- Compliance to increased regulation and complexity of managing across borders
- Solutions to technological limitations and outdated IT systems,
- Working towards greater efficiency and better exchange of information.
- Implement a International Compliance program using a holistic GRC model that takes into consideration a wide range of Risks incl. cultural differences, disparate regulatory regimes, new business environments etc.
- Learn how to develop a strategic approach to risk management, controls, and assurance processes, to ensure compliance programs are aligned with corporate strategy—improving performance, mitigating risks, and achieving compliance goals all in one stroke.
- The holistic approach to GRC can promote ethical behavior and encourage a more resilient global risk-management program.
Paul Grainger, MD, Institutional Division, Resources Compliance
Please read the whitepaper
that audit and advisory are needed to evolve an Integrated Governance, Risk and Compliance (GRC) Technology Solution.