The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems.

IIA Standard 2110


Internal auditing has grown tremendously over the years to reflect its new high-profile position in most larger organizations. It has shifted from back-office checking teams to become an important corporate resource. The focus on professionalism and objectivity has driven the new-look auditor toward high-impact work that can really make a difference. The key development that has underpinned this change relates to the shift from enforcing controls on employees to using an assessment of risk to empower management and their staff to establish meaningful controls over their business. This move from must-do to want-to control cultures has allowed employees more scope to innovate and experiment.

Unfortunately, in the past, robust risk management processes have not always been in place. The rapid change programs of the 1980s and '90s meant that many organizations were likened to speeding trains that would leave behind anyone who was not bold enough to jump on board and hang on for dear life. Investors expected quick returns, while competition was about being the first to bring new or improved products to the market-place—or at least give that impression. The resultant crashes and scandals that rebounded throughout the last decade underpinned ...

Get Auditing the Risk Management Process now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.