Integrated risk management seriously lacking
Audit managers say IRM remains work in progress
A huge 96% of global organisations that took part in a recent survey admitted that they lack mature integrated risk management (IRM) programmes. The survey was carried out by AuditBoard, the cloud-based platform focused on audit, risk, compliance and ESG management.
A surprising 11% of audit managers that took part in the survey report that they have no IRM strategy whatsoever, with audit, risk and compliance functions working independently.
A further 51% of organisations seem to know IRM is needed, but have no cohesive strategy for it, said AuditBoard.
“Another 24% have no formal strategy, but say they’re actively working toward connecting audit, risk and compliance functions. This finding is promising, reflecting a recognition of the need for IRM even if they aren’t yet using the specific term,” said the firm.
The industry benchmark survey found that over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work.
The study revealed that these expanding expectations are coming at a time when internal audit has limited bandwidth for advisory-related services.
Increasing risk demand and insufficient risk management capacity are creating a risk coverage gap for the business, concluded the firm.
AuditBoard said that in most organisations, management simply isn’t getting the information needed to make risk-informed decisions and drive business value.
The report looks at where internal audit teams are currently spending the majority of their time, and where adjustments could be made to help shift focus to value-added, risk-related activities.
“Organisations can better manage risk by adopting a connected risk strategy – a modern, cross-functional approach to managing risk across the enterprise,” said Tom O’Reilly, field chief audit executive and connected risk advisor at AuditBoard.
“Taking the lead on connected risk is a natural evolution of internal audit’s role given their wide range of governance, risk and compliance expertise coupled with their deep cross-functional relationships,” he added.
AuditBoard collected data from 150 respondents globally in an online survey conducted in February 2024. All respondents self-identified as a chief audit executive (CAE) or internal audit leader.
Approximately 28% of respondents were from the industrial sector, 25% from finance/insurance, 19% from services, 19% from government/education, and 10% from technology. More than 38% of respondents were from organisations with annual revenues between $500m and $5bn.