Benchmarking the Internal Audit Risk Assessment Process

Scott McCowan
Scott McCowan Ernst & Young LLP
Megan Duggan
Megan Duggan Ernst & Young LLP
Jaspreet Dharia
Jaspreet Dharia GE HealthCare
Puran Sampat
Puran Sampat GE Corporate
Tom O'Reilly
Tom O'Reilly AuditBoard

On-Demand Webinars

Webinar Speakers

Scott McCowan leads the EY Americas Risk Management businesses with deep experience leading boards and executives through significant, complex business transformation by optimizing their risk functions and implementing risk intelligence. Scott has nearly 15 years of experience in integrated risk management, enterprise resilience, governance risk and compliance process design, internal audit and internal control transformation.

Megan Duggan is a Senior Manager in Risk Consulting with deep experience supporting organizations as they build and transform risk functions to drive strategic growth and create business value. She helps clients overcome complex challenges and uncover insights through technology and innovative solutions that enable better decision-making.

Jaspreet Dharia is the Chief Audit Executive of GE HealthCare, focused on continuing to build a high-performing Internal Audit function to serve the global GE Healthcare organization. Prior to GE, Jaspreet spent over six years at BlackRock where she was the Head of Audit for Corporate and Risk functions as well as BlackRock Solutions. Before joining BlackRock, Jaspreet spent over eight years at Credit Suisse in various internal audit roles and previously worked for TD Bank and TD Waterhouse in the Internal Audit Group for the Wealth Management and Brokerage Services Groups, respectively. Jaspreet started her career in external audit where she spent over five years at PricewaterhouseCoopers in the Toronto office. Jaspreet earned a Master’s in Accounting from the University of Waterloo and holds a BA in Accounting. She earned her CPA designation in Canada with distinct honors.

Puran Sampat is the Chief Audit Executive of GE’s Corporate business unit and the Chief of Staff for the broader Internal Audit organization. He joined GE in May 2021 and brings 15 years of internal audit experience to the role. His experience includes being a graduate of an Internal Audit Leadership Program at The Home Depot, and supporting companies across multiple industries (manufacturing, technology, consumer products, travel & leisure) while being a trusted advisor to clients as a part of the Internal Audit practice at KPMG and Deloitte. Puran is a Certified Information Systems Auditor (CISA) and has a Bachelor of Business Administration in Management Information Systems and a Master of Business Administration in Finance from Georgia State University. He currently resides in Atlanta, GA.

Tom O’Reilly is the Internal Audit Practice Leader at AuditBoard, a cloud-based platform revolutionizing the way enterprises collaborate, manage, analyze and report on critical internal controls data. Prior to AuditBoard, Tom was the Vice President and General Manager of Internal Audit at MISTI, where he was responsible for the strategic direction and oversight of all internal and IT audit-related training programs. In addition, Tom was the Director of Internal Audit and Chief Audit Executive at Analog Devices and Internal Audit Manager in EY’s Risk Advisory practice. While working as a CAE at Analog Devices, Tom founded the CAE Leadership Forum, a New England-based group of 200+ CAEs and internal audit leaders that met bi-monthly to learn from internal audit subject matter experts.


The internal audit risk assessment is perhaps the most important process dictating internal audit’s success — it determines what will be on the audit plan and it can be leveraged to inform the business of new and emerging risks. Yet, this process is seldom changed and thought leadership is rare.

Please join experts from AuditBoard and EY for a panel discussion where we will discuss best practices and share perspectives on the internal audit risk assessment. Talking points will include:

  • How frequently risk assessments should be completed.
  • Ways to leverage work completed by second line functions.
  • What Risk Assessment Reporting should be shared, and with whom.
  • How to mature the risk assessment with data analytics.
View Webinar Now