June 22, 2023
To some extent, all business functions are responsible for managing risks. However, certain departments have direct responsibilities in risk management, such as Internal Audit, Enterprise Risk Management (ERM), and Fraud Risk Management. Integrating and fostering collaboration between these functions can result in more effectively addressing risks and protecting against fraudulent activities.
This is particularly critical for geographically dispersed entities like international non-governmental organizations (INGOs), where remote work has triggered an uptick in fraudulent activity. GRF recently engaged with C-suite executives from around the world to discuss their foremost risk concerns. During this Humentum CEO Roundtable discussion, a prevailing concern was getting these functions to work more effectively together.
GRF recommends these best practices to foster collaboration:
Communicate Regularly
Regular and open communication lays the foundation for successful integration of Internal Audit, ERM, and Fraud Risk Management. Consider the following strategies:
Increase Scheduled Meetings: GRF has found that organizations with the most successful integration of these functions hold monthly meetings between department heads. These meetings provide an opportunity to discuss risk status, ongoing audits, emerging issues, lessons learned, and upcoming assessments. By maintaining a consistent dialogue, the departments can stay informed and aligned.
Leverage Existing Meetings: Given the busy schedules in hybrid work environments, it is beneficial to leverage existing meetings by including key employees from other functions. This allows for efficient dissemination of information, minimizing the number of meetings on everyone’s calendars.
Leverage Each Other’s Expertise
Collaboration between Internal Audit, ERM, and Fraud Risk Management can be strengthened by capitalizing on their respective expertise. Consider these approaches:
Share Risk Insights: Internal Audit can engage risk management professionals during the planning and reporting phases of their engagements. By discussing top risks and concerns, Internal Audit can receive feedback that informs the development of testing procedures and reporting on findings.
Assist in Risk Mitigation: Risk management professionals can tap into the expertise of Internal Audit by involving them in assessments or procedures related to identified risks. Internal Audit can provide recommendations for risk mitigation and further assess specific risks. Additionally, Internal Audit can offer strategic direction to the ERM function, performing benchmarking or maturity assessments of the ERM function itself.
Create Cross-Functional Reports
Connecting the reports generated by Internal Audit to the risk management function enhances the effectiveness of both departments. Consider the following approaches:
Business Impact and Risk Register: Internal Audit can strengthen their observations and recommendations by linking them to identified risks within the risk register, whenever possible. This demonstrates the relationship between engagement findings and the risk management function, highlighting the significance of addressing those risks.
Updated Audit Plan: Internal Audit can provide detailed information in the Internal Audit Plan about how specific audits and assessments will address risks identified in the most recent risk register, assessment, or report. This alignment ensures that audit activities are directly tied to mitigating identified risks.
GRF Can Help
Aligning all the business functions that have a hand in risk management will help optimize efforts and achieve greater operational efficiency. GRF’s certified professionals provide risk-based internal audit solutions across all aspects of operations for domestic and international organizations. We can help prioritize and assess key processes to identify vulnerabilities, enhancements, opportunities for automation, and best practice recommendations.
For any additional questions, feel free to contact the GRF team that led the discussion: