Recently I had the honor of moderating a session on “Internal Audit: The first line of defense”. The panel consisted of:
- A head of internal audit/ CRO
- A CRO
- A risk professional and
- A Risk advisory partner from a big 4.
Some of the insights from the session are:
- Internal Audit is the Third line of defense.
- A Internal Audit which is acting as first line of defense is not an internal audit.
- Independence and objectivity are the hall mark of internal audit, without which internal audit is not an internal audit.
- Internal Audit has a major role at the time of process definition, to bring controls in the process, ensuring balance of risk and controls, helping designing the governance structure.
- Increasingly Internal Auditor need to move towards foresight from hindsight.
- Assurance is non negotiable while value addition is desirable.
- Lack of clarity in role of Internal Audit and risk Management make function boundaries blurred.
- Internal audit need to be more proactive, closer to business, have understanding of business, yet need to ensure independence and objectivity to remain relevant.
- Internal audit need to provide more assurance in near time as compared to far time.
- In case of a fraud, one has to have personal risk management in place as, the first call to management goes to Internal Audit/ Risk Management.
- Management of expectations are important.
Call for action:
Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)