Many internal audit functions have already begun to assume a more strategic role in helping organizations to increase efficiency and minimize risk exposure, which has required greater collaboration among risk management and internal audit. The release of the U.S. Office of the Comptroller of the Currency’s (OCC)’s notice of proposed rulemaking heightens the need for such collaboration. The proposed rule would mandate that institutions create a risk-management framework that includes:
- Oversight by boards of directors
- Formalized documentation
- Specific roles and responsibilities for frontline units, independent risk management, and internal auditing
- A risk-appetite statement that aligns with the strategic plan
- Aggregate, concentration, and frontline risks
- Risk escalation and resolution protocols
- Risk data aggregation and reporting
- Talent, compensation, and performance management programs that align with risk appetite and management
To meet OCC requirements and strategically connect the dots on assurance, compliance, and risk management, internal audit functions will need to be part of the risk management ecosystem and provide validation of the execution of risk management responsibilities by frontline units and management. Our article outlines what internal audits bring to the table as well as opportunities for driving value through collaboration between risk management and internal audit, using the case example of concern about loan loss reserves.
For more information on this topic, or to learn how Baker Tilly internal audit specialists can help, contact our team.