The internal audit function’s position within a company is unique. It provides its principal stakeholders (audit committee members and management) valuable and objective assurance on governance, risk management and control processes, as well as consulting services to improve operations. With this critical responsibility to fulfill, implicit in executing those duties is internal audit’s continuous improvement to its own practices.
Ensuring that an organization can recover from disaster is a basic business requirement the board should explore regularly with management. Nowadays, leading organizations are taking this requirement and turning it into a strategic advantage. Namely, investments in operational resiliency are assisting organizations to become more responsive to client needs as well as improving operational reliability, quality and efficiency. It’s an effort you should consider.
Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. To protect its IT investment and reduce operating risk, robust change management processes are critical. The need for a positive control environment and a very unforgiving attitude regarding unauthorized IT changes by management cannot be overemphasized. Insufficiently tested IT changes is an unacceptable practice.
Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, and cost of operations tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing, business intelligence and the like. Lastly, and especially important to this audience, IT can contribute greatly to a company’s system of internal control.
The "Holy Grail" for IT has always been to be closely aligned with business efforts. For years, business has encouraged IT to focus on delivering business priorities. At the same time, IT has tried to be an integral part of business planning and align IT efforts and investments with business priorities. Ultimately, effective IT alignment really does require the ongoing and engaged involvement of all key participants.
Add a Comment: