When it comes to corporate governance, I believe there is one enduring lesson from the past two decades: When boards of directors fail in their oversight responsibility of risk management, the results can be disastrous.
Managing risks for an organization is a complex and often dynamic undertaking that requires strong coordination among the board, management, the chief risk officer and the internal audit function. Identifying and mitigating risks through a sound risk-based internal audit process benefits all organizations, from mom-and-pop businesses to Fortune 500 corporations.
Failure to do so invites almost guaranteed problems at some level of the organization. It also can present a profound dilemma for the organization’s internal auditors who serve both management and the board.…