False battle: Risk managers vs. internal auditors
Risk management as a corporate discipline has been on the upswing ever since the financial crisis of 2008, which spawned Dodd-Frank.
Risk across an enterprise has never received so much attention from regulators, directors, top executives and shareholders. At the same time, one could argue that after a palpable spike in stature for many years following the passage of Sarbanes-Oxley in 2022, internal auditors have seen their internal stature plateau just a bit.
"Because internal audit and risk management are now being asked by their company executives and boards to team up to boost the value of their efforts, it's in their best interest to find ways to do so. As a result, the two disciplines at some organizations have started to share risk information to increase the awareness of the critical risks and the management and control of those risks," notes CFO magazine.
In fact, the Institute of Internal Auditors and the Risk and Insurance Management Society have just released a joint report, "Risk Management and Internal Audit: Forging a Collaborative Alliance," making the case that "these alliances have helped organizations discover efficiencies, better decision-making, and improved results."
The report takes a look at four cases studies in successfully developed "open communication between internal audit and risk management," showing how the two functions can make "a powerful team when they collaborate and leverage one another's resources, skill sets and experiences to build risk capabilities within their organizations."