Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorNewsBreadcrumb SeparatorBlog: When It Comes to Risk-based Auditing, Don't Let the Tail Wag the Dog

Read Richard Chambers' Latest Blog
When It Comes to Risk-based Auditing, Don't Let the Tail Wag the Dog​

In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:

​At last count, more than 80 percent of internal audit departments assess risks as part of their audit planning process. So, why is it that legitimate risks to the organization are often glossed over, or overlooked entirely, when internal audit is assessing risks? I fear this happens far too often, and that it poses a huge and potentially growing exposure both for internal audit's clients and for the reputation of the profession.

I have looked under the hood of scores of internal audit functions over the past decade, and I have engaged dozens of other CAEs in discussions regarding their risk-assessment practices. As I have witnessed firsthand, and many CAEs have candidly acknowledged, quite a few risks never make it onto internal audit's risk radar. There are a number of reasons for this oversight: The audit committee may explicitly limit the areas where they want internal audit to focus; a new risk may emerge so rapidly that its potential to wreak havoc is not fully recognized; or internal audit staff are subconsciously biased to assume that, because areas have historically been well controlled, no risks are present.

Read the full InternalAuditor.org blog post from IIA President and CEO Richard Chambers.