Read Richard Chambers' Latest Blog
To Audit Emerging Risks, We May Have to Leave Our Comfort Zone
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:
From the very beginning of our careers in internal auditing, most of us are trained to audit a handful of "core" risks. We rapidly become comfortable with traditional financial audits, regulatory compliance audits, and various common operational audits. We look at what was done in the past, and often we decide to audit the same things again in the same way – sometimes without even updating the audit plan.
Occasionally, the repetition is justified. After all, some risks are inherently worthy of internal audit coverage. But we now live in an era when risks are extremely dynamic. It is unlikely that all of last year's risks should be driving this year's audit plan. New risks surface every day, and we need to keep in mind that auditing at the speed of risk often means tackling areas where we may have little experience. Traditional, routine risks are easily identified, well known, and readily assessed; but they are not necessarily the risks that will imperil shareholder value today or tomorrow. Emerging risks, such as cybersecurity, can be more difficult to identify and assess, but that's one of the reasons they often are the risks for which internal audit focus is the most critical.
Read the full InternalAuditor.org blog post from IIA President and CEO Richard Chambers.