Executive Summary
- Boards of directors and their committees, despite receiving extremely summarized and condensed information, now have a well-established responsibility for managing the overall organizational risk.
- The effective management of risk is a prerequisite for ensuring good corporate governance.
- Because governance seems to be so intertwined with risk, one strategy might be to leverage the internal audit function to work with different board committees and provide risk-relevant information.
- The independent audit committee fulfills a vital role in corporate governance. The audit committee can be a critical component in ensuring quality reporting and controls, as well as the proper identification and management of risk.
- A summary of internal audit-audit committee interactions is provided through the perspective of 20 Questions Directors Should Ask of Internal Audit.
- The internal audit function has long been serving as the “eyes and ears” as well as the “arms and legs” of the audit committee of the board.
- Internal audit plays a critical role in keeping the audit committee abreast of the latest developments and goings-on of the company, and without such assistance, the audit committee cannot realistically fulfill its risk oversight responsibilities.
Introduction
In the aftermath of the Wall Street financial crisis, one of the major areas that has been identified as needing improvement is corporate governance. Boards of directors and their committees, despite receiving extremely summarized and condensed information, now have a well-established responsibility for managing the overall organizational risk (Kolb and Schwartz, 2010). A critically important element that was lacking before and during the financial crisis was relevant risk intelligence—most boards were caught off-guard and were truly surprised by the turn of events. Recent guidance from the Information Systems Audit and Control Association (ISACA, 2010) highlights the importance of risk monitoring by noting that “better monitoring means fewer surprises.”
The effective management of risk is a prerequisite for ensuring good corporate governance. Organizations exist to achieve their goals and objectives; however, because these goals and objectives have to be achieved in the context or environment of risk, they are not always assured (McNamee and Selim, 1998). Although the practice of risk management, on an enterprise-wide basis, is fundamentally the responsibility of executive management, the internal auditing function is typically charged with examining and reporting on risk exposures, as well as on the quality of the organization’s risk management efforts. The board has oversight responsibility with respect to management and, by extension, has responsibility for both effective risk management and governance.
It is evident that organizations worldwide need to strengthen their governance mechanisms. Nevertheless, placing the governance burden in its entirety on the board of directors is an unrealistic position to advocate, given the infrequency of board meetings and directors' limited knowledge of day-to-day business operations. Because governance seems to be so intertwined with risk, one strategy might be to leverage the internal audit function to work with different board committees and provide risk-relevant information. In this article we will focus on the internal audit function supporting the audit committee with respect to enterprise risk management.


