Expert Insights: Elevating Internal Audit’s Role and Relevance Through Connected Risk
How does your organization define connected risk? As risks continue to emerge at an unprecedented pace, Tom O’Reilly of AuditBoard hosts a lively conversation between Erin Banet (Chief Audit Executive, Humana), Jake Birmingham (VP of Internal Audit, Carrier Corporation), and Brian Westover (VP of Internal Audit, Lamb Weston). These three leading audit executives cover:
- How connected risk tells a consistent story to stakeholders, customers, and the board so everyone speaks the same language
- Addressing obstacles they’ve encountered in their connected risk journey
- How two-way communication and accountability empower your organization
How are your organizations approaching connected risk?
Brian Westover (VP of Internal Audit, Lamb Weston): When I started two years ago with Lamb Weston, risk was a regular conversation amongst our leadership. This risk-centric approach trickles down through the organization, with a focus on facilitating conversations and connecting the dogs. At Lamb Weston, our leaders facilitate that type of culture, where employees are empowered to do their job and do it well. When you have that type of connected risk culture, there’s two-way trust that keeps dialogue open while mitigating top concerns.
Jake Birmingham (VP of Internal Audit, Carrier Corporation): At my company, I have to present how my function is aligned with our SOX and ERM functions. I have to map my audit plan and identify risks to the ERM risk structure. I usually focus on the top 10 compliance risks and the top 10 business risks. We have a very collaborative culture that comes from the top down, but also from my peers. Everyone is very supportive to ensure that we’re all aligned on the same risks while speaking the same risk language.
Erin Banet (Chief Audit Executive, Humana): At Humana, we recently conducted a joint risk assessment process in order to identify connected risks. When we think about connected risks, we think about aligned assurance and identifying what all the risks are, and how to communicate that to the top of the line and tell the right story. Before, we’ve achieved that. And then also ensuring that we’re really aligning on who’s covering what and what does that look like, and timing to give our stakeholders that value, but also to our board, as well. So consistency is really key here. And communication is big as well.
What challenges did you encounter when moving toward a connected risk approach?
Jake Birmingham (VP of Internal Audit, Carrier Corporation): The risk exposure gap, as compared to capacity, just keeps growing. Compliance risks multiply constantly. So, I’m trying to figure out how to do more with less. That way, I can expand my coverage to other compliance and operational areas over time. I’m trying to figure out how to use centralized data in order to tell a story with our risk assessments. To close that gap and focus on connected risk, we identify trends with data analytics once each quarter. We use those trends to fuel a continuous risk assessment process throughout the year that morphs along with our risks and priorities.
Erin Banet (Chief Audit Executive, Humana): The key for us was ensuring everyone was on the same page with a solid plan we could work towards. Of course, everyone can’t be aligned all the time. We encountered some roadblocks, but we had the right tools. The primary tool was prioritizing knowledge: What did we want to make sure a common presentation or slide deck could cover to address people’s common questions and build a strong knowledge base?
Brian Westover (VP of Internal Audit, Lamb Weston): Sometimes, when people manage key risks for a company in an unhealthy environment, they get protective. They’re not willing to take a good look at what’s really happening–until sometimes, it’s too late. That’s why it’s critical to foster dialogue about the way things really are, that way we can attack those issues and do what’s right for the company. I try to open those doors and build trust with stakeholders so we can talk freely about these things, and act on them in a positive way.
Tom O’Reilly (Chief Audit Executive, AuditBoard): To wrap up, all of this really matches the conversations we’re having at AuditBoard with our peers. If folks aren’t developing a connected risk approach, they feel like there’s a need based on the expanding remit of internal audit. It’s challenging to balance all our responsibilities as auditors, especially when comparing our responsibilities to how we’re perceived by key stakeholders within the organization. As we take on more work, there’s a great opportunity to lead from the front of our organizations. With that being said, thanks to everyone for joining us today!
Looking for more thought leadership? Check out our on-demand webinar library for more leaders and experts discussing timely issues, insights, and experiences.