Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

IIA, RIMS Call for More Collaboration on Risk

Tammy Whitehouse | April 17, 2012

Risk managers and internal auditors are starting to put their heads together to figure out how they can collaborate to create a better approach to risk and decision making.

The Institute of Internal Auditors and the Risk and Insurance Management Society have produced a report, titled Risk Management and Internal Audit: Forging a Collaborative Alliance, to get internal auditors and risk managers thinking about their respective duties and where there might be some opportunity for them to work more closely to produce a cohesive view of and response to risk within an entity.

The report profiles four organizations that RIMS and IIA view to emulate a more collaborative approach between risk management and internal audit – Cisco Systems, Hospital Corp. of America, TD Ameritrade, and Whirlpool. The report highlights four practices those four organizations have in common – including linking the audit plan with the enterprise risk assessment, sharing resources, assessing and monitoring strategic risks, and cross-leveraging each area's respective competencies, roles and responsibilities.

Both risk managers and internal auditors have seen big changes in their roles in recent years, says Hal Garyn, vice president of North American services for the IIA. “Risk managers have certainly moved in their organizations far away from being responsible for managing only the corporate insurance program,” he says. “At the same time, internal auditors have moved away from what may have been a controls-based view of business to a more risk-based view of business.”

With both professions serving essentially the same stakeholders – boards of directors, audit committees, and management, primarily – it makes sense for them to talk the same language and collaborate more closely to assure a singular view of risk throughout the organization, Garyn says. “We're not saying that this is not happening, but it's not happening to the level many organizations would like to see,” he says.

In a separate report, the semi-annual Pulse of the Profession, the IIA says chief audit executives are exploring a variety of strategies to enhance the value of the audit function to the organization, but there are still plenty of ways internal audit can better align its planned audit coverage with risks that are considered important by the organization.

IIA President and CEO Richard Chambers says companies should take advantage of a somewhat stable period of financial and staffing resources for most companies to look for ways to improve the stature and relevance of internal audit function within the entity. The report is based on a survey of more than 460 audit executives in the United States and Canada.