Norman Marks
But, does internal audit ever consider risks to the achievement of its own objectives?
They should. Whether independently or with the assistance of a corporate risk management function, internal audit should practice what they preach.
For example, the internal audit team should assess these sources of risk:
- Failing to understand, in a timely fashion, a significant business risk and as a result leaving it off the audit plan
- Failing to fully appreciate business needs and recommending change that does not address the real business issue
- Recommending change that addresses only the symptoms of a problem instead of its root cause
- Failing to obtain full value from the audit staff, whether from a lack of training or motivation
- Failing to be heard by management. Again, the causes of this may be many, including an inability to communicate, not demonstrating value that is appreciated by management, acting in a way that disrupts the business, and more
- Performing work that doesn’t really matter
- Inefficiency
- Reporting that is untimely
- An inability to effect change, with recommendations not being implemented. Reasons could include not being persuasive or failing to make the right recommendation
- An inability to recruit the talent needed to be successful
- Insufficient resources
- Poor relationships with the audit committee and/or executive management
It is time to walk the talk. Do you agree?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/
They should. Whether independently or with the assistance of a corporate risk management function, internal audit should practice what they preach.
For example, the internal audit team should assess these sources of risk:
- Failing to understand, in a timely fashion, a significant business risk and as a result leaving it off the audit plan
- Failing to fully appreciate business needs and recommending change that does not address the real business issue
- Recommending change that addresses only the symptoms of a problem instead of its root cause
- Failing to obtain full value from the audit staff, whether from a lack of training or motivation
- Failing to be heard by management. Again, the causes of this may be many, including an inability to communicate, not demonstrating value that is appreciated by management, acting in a way that disrupts the business, and more
- Performing work that doesn’t really matter
- Inefficiency
- Reporting that is untimely
- An inability to effect change, with recommendations not being implemented. Reasons could include not being persuasive or failing to make the right recommendation
- An inability to recruit the talent needed to be successful
- Insufficient resources
- Poor relationships with the audit committee and/or executive management
It is time to walk the talk. Do you agree?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/
Autres articles
-
Nomination | Truffle Capital promeut Alexis Le Portz en qualité de Partner
-
IPEM Paris 2024 : 5500 participants au Palais des congrès
-
Pomelo annonce une Série A à 35 millions de dollars menée par Vy Capital
-
Hong Kong : bientôt des premiers ETF Bitcoin ?
-
TMS Network (TMSN) Powers Up As Cryptocurrency Domain Appears Unstoppable. What Does This Mean For Dogecoin (DOGE) and Solana (SOL)?