Risk Managers and Internal Auditors A COLLABORATIVE PROCESS

1
Risk ManagersandInternal AuditorsA
COLLABORATIVE PROCESS

• Presented by Alan J Wilson, Risk Manager
• Edith Cowan University
• Perth
• May 2000

2
Theres always been a bit of a turf war among
the different risk managers. With enterprise
risk models and the advent of the chief risk
officer, the battle has heated up.
(Kloman, 1999).
3
Further, traditional risk managers. have
failed to develop skills that would allow them to
contribute to the broader idea of integrated risk
management approaches in their organisations..
(Kloman, 1999)
4
Risk Managers are first and foremost facilitators

• They act as facilitators of the risk management
  process within the organisation.

5

• They pull together a range of functions, experts,
  people with a range of responsibility, eg. legal,
  finance, OSH, environment, architects, engineers,
  marketing, planners and so on to assist in the
  management of risk including a range of treatment
  options.
• They are integral to the Corporate Governance
  process.

6

• They are fabulous -
• Communicators
• Facilitators
• Analysts
• Thinkers
• Negotiators
• ..and so on

7

• But do they need also to understand credit risk,
  foreign exchange and various hedging schemes,
  securetisation etc?

8
What is Internal Auditing?

• Internal auditing is an independent, objective
  assurance and consulting activity designed to add
  value and improve an organisations operations.
• It helps an organisation accomplish its
  objectives by bringing a systematic, disciplined
  approach to evaluate and improve the
  effectiveness of risk management, control, and
  governance processes.

9
.Not only is the auditor the right arm of
management in ensuring that policies and
procedures are carried out effectively and that
risks are kept to a minimum, but auditors are
actively involved with governance.. (Institu
te of Internal Auditors)
10

• ..internal audit departments may be the most
  at-risk group in many organisations if it fails
  to be relevant to organisation needs..
• ..few internal audit departments contribute to
  risk management.
• (The Internal Auditor, April 2000)

11

• Risk Managers
• and
• Internal Auditors
• Can Work Together
• to Add Value to
• the Process of Risk Management
• by...

12

• Ensuring risk-based auditing through
  collaboration and use of the risk managers Risk
  Register.
• Benefit
• Avoids duplication of effort.
• Utilises risk managers RMIS and analysis of level
  of risk.
• Ensures internal audit focuses on the
  organisations risk priorities.
• Risk register captures risks from throughout the
  organisation.

13

• Regular interaction between risk manager and
  internal audit.
• Benefit
• Ensure audit team is appraised of any changes to
  risk profile.
• Receive audit reports on a timely basis to update
  risk treatment plans and action.

14

• Ensuring risk management input into Audit Plan
• Benefit
• Again avoids duplication of efforts.
• Ensures audit plan focuses on high priority
  risks.
• Obtains background information from risk manager
  and rationale for level of risk.

15
Further BenefitsRisk ManagementandInternal
AuditReport to one committee ofCouncil/Senate
16

• Risk Management and Audit Committee
• Benefit
• Improves corporate governance throughout the
  University.
• Avoids necessity for further committee and
  duplication of effort and resources.

17

• Expansion of skills base and knowledge
• Benefit
• Removal of another silo.
• Improves horizontal communication and information
  throughout the organisation.

18
HOWEVER..

• Internal Audit Must Maintain Total Independence

19

• As a result must remain separate from risk
  management which is a facilitation, advisory,
  operational (amongst others) role.
• Rationale
• Audit must have an independent monitoring role
  that is integral to corporate governance.

20
CONCLUSION

• Significant advantages from collaboration with
  Internal Audit towards the achievement of a
  valued risk management program and lowering of
  the cost of risk.

21
QUESTIONS?