To remain relevant, the expectations of internal audit must evolve as credit unions evolve. A new view of risk management is prompting a shift in the role of internal audit in many credit unions. New demands from the board, senior management team, and regulators are requiring internal auditors to refocus their efforts beyond their traditional roles by shifting their focus to oncoming challenges and opportunities as well. To meet these new requirements internal auditors must:
Develop skill sets to meet their new role as an advisor to management
Participate in strategy development and planning
Understand integrated versus siloed risk management
Internal audit has new opportunities to both expand its traditional activities in value preservation and leverage its skills in new ways to support value creation. Internal audit personnel can bring their core skills of risk and control analysis to other areas.
Throughout the banking industry leaders are focused on managing risk enterprise-wide with the support of their boards as well as their regulators. To help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively internal audit should evaluate activities such as:
Risk identification and prioritization
Alignment of people, processes, and systems with business strategy
Definition of key performance indicators
Analysis and quantification of risk factors related to new services and strategies
Understanding of shared risks and initiatives
Internal audit’s discipline, knowledge of the organization’s key risks, enterprise-wide view, and familiarity with the control environment enable it to bring an important perspective and value with these efforts.
Developing A Single View Of Risk
Along with efforts to manage risk, some credit unions struggle with overlapping and often burdensome compliance requirements. The tendency has been to employ multiple approaches to risk identification, measurement, and monitoring, where each department has its own views of risk. To address this issue, organizations are moving away from a “siloed” approach to a more consolidated perspective. This effort involves formulating, at the board level, a “single view” of what organizational risk is and how it can be measured and rated allowing senior management to identify and “slice” top risks that face the organization as a whole.
In many cases, organizations are looking to internal audit to help refine risk management processes and help leverage newly gathered information about organizational risks. Internal audit is particularly suited to assist in a number of areas, including: risk identification, the application of quantitative and qualitative analysis, control design and effectiveness evaluation, continuous monitoring and auditing techniques, and regulatory compliance. These core competencies coupled with regular contact with the external auditor make internal audit well-suited to assess and interpret changes.
The responsibilities of internal audit are expanding, and the required skill sets are changing. Board members and executive management can leverage internal audit’s capabilities in ongoing analysis to help provide assurance that the credit union’s objectives and strategic goals are achieved. Beyond that, executive leadership looks to the internal auditor as a business adviser. To fulfill this expectation, internal auditors will need to update their skill sets and, in many cases, shift the way they operate. Using ERM and better employing risk management will provide them with more resources to act as an adviser by looking beyond compliance to helping the credit union improve overall business performance
CPAs and consultants specializing in a full suite of audit, tax and advisory services to credit unions and CUSOs since 1987, TWHC leverages its in-depth knowledge of the credit union industry to provide robust reports that offer superior value. More than just an audit firm, TWHC provides relevant advice. Online at https://www.twhc.com.