The next generation of internal auditing

I want to congratulate Workiva and Jose Tabuena for Internal Audit’s Guide to Planning, Managing and Addressing Risks. I want to focus on the first piece in that publication, Planning to Do the Right Audits: An Effective Internal Audit Risk Assessment.

Here are some excerpts, with comments by me:

• While the responsibility for identifying and managing risks belongs to management, a key role of internal audit is to provide assurance that those risks are being appropriately addressed and mitigated. [ndm: sometimes it is appropriate to take risk, even more of it, for business reasons.]
• Are you confident that your department understands the risks that are critical to the delivery of value and the achievement of corporate objectives? Every organization faces numerous risks that matter individually to managers with whom auditors interact, but are they risks that matter to the organization as a whole? The risks that truly matter are those that need to be addressed in the audit plan. [ndm: this sound like something I would say.]
• Change does not occur on an annual basis. The move to a continuous and dynamic audit plan is significant for most internal audit departments.
• It’s usually those who are in the…