As internal auditors, it’s quite natural to assess and advise our organizations on effective risk management. With greater frequency, we provide assurance to management and the board that the enterprise is adequately assessing risks, and that risk mitigation strategies are being developed and implemented.
But what about our own risks? Can we say with any degree of certainty that we are identifying risks to our internal audit departments? And are we taking adequate measures to mitigate those risks?
All too often, the answer is “no.” We are frequently missing important topics when crafting our annual plans and we don’t always address inadequate resources or expertise on our staff. As a result, we almost certainly are failing to appreciate the risk to internal audit’s reputation if the wheels come off. As fragile as a reputation is, such inattention to risk never ceases to amaze me.
An overarching goal for any internal audit function is that it be a bastion of integrity and credibility within its organization. From my experience, one of internal audit’s most valuable assets is its reputation. However, one inaccurate internal audit report, a perceived bias by staff, or a perception of shoddy work can severely damage that reputation.
As I contemplate such risks, I believe there are at least five strategies to lessen the risks to an internal audit department’s reputation:
These are my thoughts on ways to mitigate risks to internal audit’s reputation. I welcome yours.