Great news for corporate compliance and audit professionals who happen to be podcast enthusiasts: Tom Fox and I have just released a five-part series exploring the changing nature of the internal audit function, and how those changes might affect the relationship internal audit has with the compliance function and other parts of the enterprise.
You can download the whole series on iTunes or on YouTube today; and Fox will be releasing one segment each day this week on his FCPA Compliance Report website and on JD Supra as well. We divided the series into five segments of roughly 10 to 12 minutes each, so you can listen to the entire program roughly an hour.
Why are we doing this? As I’ve mentioned on this blog and elsewhere several times this year, internal audit is experiencing a profound transformation in how it does its job of risk assurance — more precise, sophisticated, and comprehensive risk assessment, thanks to better data analytics.
That, in turn, has profound implications for how internal audit could work with other parts of the enterprise, including the corporate compliance function. As internal audit improves its ability to assess risks in a data-driven, analytically based manner, those analysis tools can then be left with business operations executives to monitor risk after the audit team departs.
So in a practical sense, internal audit can help other parts of the business become more proficient at risk management and monitoring. What would some practical examples of that look like? How could a company get started on that path? Those are the questions Fox and I explore in our podcast series.
The complete lineup:
- Part 1: Overview of the series and a look at why internal audit is experiencing such a profound transformation today;
- Part 2: The three steps of evolution at internal audit: strong internal control, analytics, and risk management that adds value to the business;
- Part 3: Three examples of how internal audit can use analytics and work with other business functions to help them oversee risk;
- Part 4: The new working relationships that might arise in this world;
- Part 5: How to get started on this journey and final thoughts on the subject.
What can compliance officers learn from this series, and from this broader transformation generally? Lots. First, you have your own risk monitoring and analytics challenges to master; so any time another part of the business gets better at those tasks, you can look for opportunities to work with them to develop risk monitoring tools that address the risks most important to you (whistleblower hotline, due diligence, or case closure data, for example).
Second, as other business functions get better at monitoring their risks — say, the finance function getting better at following payments; or the marketing department getting better at data collection practices — that’s going to change your own compliance risk assessment, and subsequently the priorities you have about which parts of the enterprise should get your attention next. So anything internal audit is doing to change that calculus is important to understand.
We hope you enjoy it. Let us know what you think!