Which risks does IA audit?
I need your help.
A couple of weeks ago, I chatted with representatives from the IIA Standards Board and IIA staff about their proposed changes to the Standards.
Unfortunately, they feel that few internal audit departments have moved to what I call enterprise risk-based internal auditing – auditing the risks that are critical to the success of the organization as a whole, rather than micro risks at the process or location level. So, no change in risk assessment guidance is planned at this time.
Please take a couple of minutes and answer the single-question survey at this link. I am hopeful that it will help us move the profession forward and close the value gap between what IA does and what stakeholders need. (See here for more on that topic.)