A few columns ago, I posited the idea that you can develop an integrated approach to auditing corporate governance, risk, and compliance. First I explored auditing compliance, and then risk. Now I will conclude the series and explain (finally) how governance (the “G” in GRC) provides the foundation that binds these disciplines together in a coherent way.

Unfortunately, the internal auditing profession doesn’t possess a sterling reputation with respect to auditing governance, or really any aspect of GRC. The audit teams that I’ve seen (both internal and external) seem to lack an in-depth understanding of GRC concepts. And key stakeholders, including ...