To emphasize and recognize the role of internal auditors in auditing risk management, the Institute of Internal Auditors is launching a new professional certification.
The IIA plans to begin awarding the “Certification in Risk Management Assurance” with a program that begins later this year to identify and recognize those who already demonstrate some significant competence and experience in the profession. Internal auditors who meet some yet-to-be revealed criteria for their knowledge and experience in auditing risk management programs will be awarded the certification under a grandfathering process, says IIA's Alan Siegfried, who is chairman of the IIA's global exam development committee.
By mid-2013, the IIA expects to have an exam in place to certify further candidates going forward. The criteria for certification and the exam will be developed in large part based on a job analysis study that the IIA is undertaking to characterize good risk management assurance, according to Siegfried. The IIA will open a specific new survey in October to help shape the final content of the exam. The IIA says the certification will mark individuals who have demonstrated they can provide assurance on core business processes in risk management and governance, educate management and the audit committee on risk and risk management concepts, focus on strategic organizational risks, and add value for the organization.
The certification arises in part to respond to the heightened importance of risk management in the wake of the financial crisis, says Siegfried. “Most of the research that the IIA and other related professions are doing has shown that there's a desire by all stakeholders to have internal auditors more involved in having their organizations improve their governance and risk management processes,” he says.
The new certification will be the first of its kind to focus on the auditing of risk management, says Siegfried. Other risk-related professional certifications conferred by other professional groups focus more on assessing and mitigating risk, which are management duties in the eyes of the internal audit profession, he says. In some cases, those certifications are focused on specific sectors, such as insurance.
The new CRMA will be the fourth specialty certification that will be offered by the IIA. The professional is evolving in its role with managing and mitigating risk, the IIA says, with recent research suggesting that the evolution will continue. The certification will help management identify internal auditors who can be relied on to provide reliable assurance for the organization's risk management program, the IIA says.