Mastering Risk Management

INDEPENDENT ASSURANCE

Independence

In order to fulfil its function, internal audit must be functionally independent from the activities it audits. Clearly it must be independent of the business lines and unrestricted in its role. While it may have a direct line to the CEO or CFO for pay or rations, it should not report to a functional executive. Nor should the head of internal audit report to the CRO. Since internal audit is required to provide assurance on the risk management process, reporting to the CRO presents an obvious conflict of interest. That conflict is not resolved by dotted line reporting elsewhere. Dotted lines are often a fudge and mean that there is not clear accountability. Even worse are dual lines. They are a cop-out. Delete ...

Get Mastering Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Risk Management by Tony Blunden, John Thirlwell

INDEPENDENT ASSURANCE

Independence

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly