Auditing Your Organization’s Risk Culture: The Next Frontier for Internal Audit
Regulators all over the world are increasingly focused on identifying and shaping the “risk culture” of organizations. Boards of directors are increasingly expected to oversee risk culture. The IIA is calling on internal auditors globally to start formally assessing and reporting opinions to the board on risk culture and risk governance frameworks. The culture of an organization is heavily shaped by its CEO – for better or worse. This is new and potentially treacherous territory for internal auditors. This session overviews the escalating calls for boards and internal audit oversight and audits of risk culture and risk governance frameworks and provides practical advice shaped by the presenter’s 30+ years of global experience how to tackle this new area. An overview of the risk culture assessment criteria proposed by the Financial Stability Board (FSB) to national financial and securities organizations around the world in 2014 is profiled in a real life case study of a risk culture assessment done by the presenter for his client, the board of a UK public company.