As internal auditors, it’s quite natural to assess and advise our organizations on effective risk management. With greater frequency, we provide assurance to management and the board that the enterprise is adequately assessing risks, and that risk mitigation strategies are being developed and implemented.
But what about our own risks? Can we say with any degree of certainty that we are identifying risks to our internal audit departments? And are we taking adequate measures to mitigate those risks?
All too often, the answer is “no.” We are frequently missing important topics when crafting our annual plans and we don’t always address inadequate resources or expertise on our staff.…