4 Key Risk Areas Internal Auditors Can’t Overlook


Whether you call it chutzpah, moxie, or just plain guts, internal auditors need to show more of it.

That’s the overarching message of the 2017 North American Pulse of Internal Audit report, Courageous Leadership: Instilling Confidence from Within, from the Institute of Internal Auditors (IIA).

“It takes courageous leadership to enhance and protect organizational value,” the report states. “Chief audit executives [CAEs] must have the courage to look both outward at the organization, and inward at the internal audit function. We must consider risks that likely have been given little attention, and make changes.”

So, with that gauntlet laid down, the IIA cited four often-overlooked risk areas that need more attention:

  • Communications not traditionally subject to independent assurance, such as analyst presentations, sustainability reporting, and some operational reporting.
  • Environmental, health, and safety (EHS) risks.
  • Internal audit’s use of data analytics.
  • Interpersonal dynamics between internal audit and others in the organization.

Here are the key takeaways regarding each risk category:

1. Communication risks. Everyone in the corporate chain – managers, investors, and other stakeholders – makes strategic decisions according to the information they receive outside of financial statements, the report states.

The majority (66 percent) of Pulse survey respondents who receive such information said inaccurate, incomplete, misleading, or confusing communication poses a significant concern about risk to their organization’s reputation.

“While external audit provides assurance over formal financial statements, this does not include all the communications important to the organization, nor the related processes and controls,” the report states. “Independent assurance can come from internal audit, external audit, or an independent third party.”

Please Login or Register to read the full article

To access all of the content on our site, register (it's free!) or login to your existing account.

About Terry Sheridan

Terry Sheridan

Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.


Please login or register to join the discussion.

Mar 30th 2017 08:32

This is remarkable, looking at the internal audit function as a tool to enhance the integrated aspects of an organization that build up to successful in the real sense of it. An organization is about its mission, vision, targets and objectives, and the strategies to ensure the realization of all of the above. Controls are therefore important to this end.
Emphasizing the need for internal auditor to remind themselves of the impact of proper communication, the value of EHS rick assessment systems, the importance of data analytics in information processing and the benefit of managing interpersonal dynamics, is like awakening a slumbering central back defender in a soccer match. True management takes credit for good decisions. Who then looks at the functionality of the system to provide assurance that things are going on right? How them will we say all is right if we fail to consider these vital aspect of the organization given the changing economic environment?

Thanks (1)