“To better serve the organisation’s needs, ERM and IA have to think offensively by focussing on objectives and intelligent risk-taking,” Ramesh said, remarking that a lot of auditors tended to challenge risk-taking when they should actually be trying ensure robust risk taking. Steps should be taken to reinvent IA to satisfy key customers, particularly board members. “Risk and Audit are two sides of the same coin,” he said. “They are complementary and should work with each other.” But this can be a major challenge; what is critical is that IA should satisfy the needs of board members. In order to do this, Risk and Audit should harmonise their roles to support the business.
But what should the relationship between ERM and IA be like? Firstly, the ERM function should operate on its own, independently, and not be “parked” within the IA function. Doing so will likely result in a conflict of interest in IA. ERM and IA have to work together to understand any concerns that IA may have about a business unit and ERM’s assessment of risk pertaining to it. This kind of cooperation will ensure the organisation’s success. Key questions to ask when finding a way to collaborate effectively include whether the IA function could expand its focus to cover risk-taking, and not just limit it to risk avoidance; and other ways in which ERM and IA could cooperate.
Expanding on the issue of conflict of interest, Ramesh explained that the Institute of Internal Auditors (IIA) standards say internal auditors should be objective and not be unduly influenced; they should be independent. “IA and ERM should be best friends,” he said. “IA should use ERM information to identify and manage risks, develop and update audit plans and ensure IA resources are being appropriately focused.” IA is tasked with providing assurance that the ERM programme is working effectively and documentation is in order. ERM can also bring up concerns and reach out to IA when designing programmes, discuss plans and request constructive feedback.
22 The IERP® Monthly Newsletter December 2021