Every business faces some kind of risk to its future. Of course, there are risks that you simply can’t predict, such as the Japanese earthquake, the tsunami and its impact on the global nuclear energy industry, iPad production – and those that you can.
And we can see plainly what happens when companies don’t pay proper heed to the risks that they can influence.
The fallout from Scotland’s banking crisis has thrown up some perplexing questions about risk, proper procedures and vital questions that senior board figures failed to ask, while the sad saga of the events at Rangers (I’m a Partick Thistle fan, born in Glasgow, and now living in Edinburgh) show that some senior board-level people at the football club were not looking hard enough at all the levels of risk.
Even today’s entrepreneurial businesses must constantly assess where things are likely to go pear-shaped.
Ask yourself; does your business have a code of ethics that everyone has signed up to? Because, in most places today, this is becoming mandatory – and you need to spend time explaining why you have such a code over the use of IT, mobile phones, gender and sexual discrimination, bullying, theft and bribery and corruption.
Even in our public sector there are massive every-day risks. For example, Falkirk Council has taken a more determined look at its own internal business matters because it felt its procurement organisation risked being a target for organised criminal activity.
Working with the Scottish Crime and Drug Enforcement Agency, Falkirk has updated it response to criminal activities.They are to be applauded for this course of action.
Over the last few years, the critical roles of the internal auditor have come into much sharper focus in such areas. The valued internal auditor has a unique place in any company to test the controls that are in place and see if they are robust enough.
It’s a highly rewarding career for an inquiring and intelligent person willing to maintain high levels of independence and integrity. As a professional body, the Chartered Institute of Internal Auditors, which was granted a royal charter in October 2010, has been supporting internal auditors to raise the bar in both private and public companies.
One strategy for the institute is to attract new talent to the profession and chartered status with advanced diplomas in internal audit practice and management highlight our commitment to ongoing training and practical learning.
With a longer-term perspective, the institute’s strategy is to raise the profile of the profession and increase influence and engagement with a range of stakeholders, but particularly policy makers, regulators and standards setters.
The institute’s efforts to build closer relationships with heads of internal audit to understand their needs better is also a key in supporting the building the profession.
One of the biggest challenges of the financial crisis has been in the boardroom, which must be more robust when scrutinising business risks. That means that non-executive director must have access to more information from deeper inside an enterprise.
Our own recent survey* shows that in 63% of companies only the audit committee members have contacts with the internal audit team. As a consequence, other non-executive directors may be missing a chance to bring their knowledge and experience to bear on crucial risk issues.
While 71% of non-executive directors see substantial scope for improving the understanding of risk across their organisation. With the help of internal audit, let’s make this happen. The internal auditor has a pivotal role to play in all kinds of companies.
While we don’t seek the limelight as practitioners, a good internal auditor has to be visible from top to bottom in an organisation and courageous enough to ask the tough questions. Our ambition is to be the trusted adviser need to be informed and knowledgeable about our organisations and how the components knit together from an internal control and risk management perspective.
The institute’s efforts in increasing engagement are helping to provide a stronger voice for internal auditors, which in turn will allow businesses to gain an incisive commercial edge. We know that more productive engagement with heads of audit and the external auditors and consultancies is vital for the growth and development of our institute.
But it will also mean stronger companies across the UK where internally people feel more empowered to challenge poor – or even corrupt – decisions when they see them.
The familiar equation in business is that the higher the risk, the greater the reward, but let’s ensure that only sensible and quantifiable risks are taken, not the reckless sort that has caused so much national pain and damage.
David Reynolds has been involved in internal auditing for 25 years. He was director of internal audit and regulatory compliance at BT. He is now a director of US-based consultancy MorganFranklin.
* The survey can be downloaded free from http://www.iia.org.uk/