Today, the connection and communication between internal audit, risk management and compliance functions is more important than ever. Too often, internal audit plans fail to address the risk areas that may have the most impact on the organization’s objectives in the right way and at the right time. Failure to use information, metrics and assessments performed by risk and compliance often leaves internal audit in the dark about what really matters, or at least creates redundancy and waste of resources as audits are performed.

This installment of our GRC Illustrated Series outlines a more mature approach to maintain ongoing communication and sharing of information that allows internal audit, risk and compliance to each view and use what they need when they need it.