Enterprise Risk Management (ERM) and Internal Audit (IA) are not immune to change, asserted Ramesh Pillai, at an IERP Tea Talk recently. Commenting frankly and openly on the changing environment which was one of the greatest challenges confronting business today, he said rapid changes were complicated further by the uncertainties brought about by the Covid-19 virus and its fast-mutating variants. These changes have spurred the speedier adoption of technology, and businesses were finding it necessary to digitise operations to stay viable. Analytics has improved, and is now being used more extensively, he said, making it easier for management and auditors to review businesses and operations.
However, the IA function was still struggling to find its level. Competencies and capabilities at all levels, from the board downwards, was still generally lagging. Providing assurance has always been one of the functions of IA which has traditionally been focussed on preventing failure. It has long concentrated on whether management was properly handling risks; what controls were in place and if they were sufficient and being applied appropriately. Risk management, on the other hand, is about “bringing the future into the present” and identifying what could happen so that mitigation can be applied to decrease negative impact and manipulate the upside.
21 The IERP® Monthly Newsletter December 2021