BOARDS, CEOS, AND CFOS NEED TO DEMAND A LOT MORE FROM INTERNAL AUDIT AND RISK GROUPS

摘要

Customers of internal audit and risk services, including boards and C-Suite executives, have generally been quite content using process centric metrics like "% of planned audits completed", "completion and maintenance of the company's risk register" and other similar metrics focused on execution of processes. As a general statement, a large percentage of the customers of internal audit and risk management services have been largely apathetic and indifferent. These same customers would absolutely not tolerate sales groups or other line functions that want to be measured largely on process execution, not important end results. This article explores this phenomenon and the evolution of new regulatory expectations for boards and CEOS and the release of COSO ERM during the summer of 2017. After exploring the puzzling evolution of metrics for risk groups and internal audit functions the author proposes objective centric ERM and internal audit as a better way forward for risk specialists and internal auditors, an approach that is better positioned to measure the real contributions made by these functions.