With risk management and strategic risk playing a growing role in enterprise decision-making, stakeholders are eager to gain more insight into their daily operations and potential risk areas. In a study by the Institute of Internal Auditors (IIA) and Protiviti, 85 percent of North American stakeholders say they want internal audit involved in identifying known and emerging risk areas; 78 percent would like to see internal audit facilitating and monitoring effective risk management practices by operational management; and 78 percent want audit to identify appropriate risk management frameworks, practices and processes.
The survey, Relationships and Risk, Insights from Stakeholders in North America, also found that 58 percent of stakeholders believe internal audit should be more active in assessing strategic risk. In this objective, stakeholders said that internal audit should focus on strategic risks as well as operational, financial and compliance risks during audit projects, and that internal audit should periodically evaluate and communicate key risks to the board and executive management.