The audit committee’s agenda is packed whether it’s oversight of evolving risks or a business as usual topic such as financial reporting. Leveraging internal audit (IA) to aid in understanding complex topics and the company’s ability to effectively mitigate risks is imperative these days. As you prepare for the quarter and your next meeting with the chief audit executive, here are three questions to consider for discussion:
Internal audit continues to be viewed by many as an assurance provider focusing mainly on financial reporting risk and SOX controls that provide a reactive perspective on risks. Leading organizations are evolving their view, looking for internal audit to more proactively provide assurance and insights over operational and strategic risks as well as key strategic initiatives.
The last few months have seen a flurry of activity as companies try to understand the details of the SEC’s proposed rules and their implications.
With a limited amount of time and increasing public scrutiny, it is critical that the audit committee have a clear picture of the company’s top risks, risk owners, and mitigating activities. While IA may not be formally tasked with building an integrated assurance program for the organization, they should understand how other risk functions view the risks in their respective areas. That also includes understanding other assessment and monitoring activities performed across the business to better inform the internal audit plan.