business

Leadership in the Risk-Intelligent Organization

Effective risk management in today's business climate requires both a business-aware chief audit executive and an audit-aware executive team

Financial scandals, the rise in new worldwide regulations, and the nascent economic recovery have created a climate in which companies should be elevating the role of their chief audit executives (CAEs) to that of a strategic business partner with the senior executive team. With risk now a core focus for boards of directors and senior executives, the CAE, who has traditionally been relegated to the tactical execution of an annual audit plan, is uniquely positioned to play a central role in the risk-intelligent company, thanks to his or her visibility into, and understanding of, the enterprise's holistic risk-management activities. For companies to maximize the strategic contributions of the CAE, however, they must have both a business-aware auditor and an audit-aware board and leadership group.

Many CAEs are challenged to assume this greater responsibility while keeping up with current workloads. Those CAEs who have successfully made such transitions have done so by making their departments more efficient and effective with technology. Analytics solutions can tame unruly internal controls and data environments and free internal audit staff from manual activities. With improved processes and automation, the internal audit function can then focus on higher-value risk analysis work that delivers real-time insights to business leadership.

Those CAEs who look to pursue a leadership role as a business-aware auditor must also possess a deep and broad range of skills. Consider some of the following job specifications in recent postings for CAEs at leading companies:

• "Must demonstrate a solid understanding of the company's business, core strategies, risk appetite, and risk tolerance."

• "Must be willing to raise difficult issues with senior management and the audit committee—even if such actions prove unpopular."

• "Must partner with senior management and the audit committee to help them fulfill their broad responsibilities for effective governance."

• "Must be seen as a business partner rather than a 'corporate cop.'"

Not surprisingly, there are recent signs that the role of strategic-minded, business-aware CAE has become a stepping-stone to the CFO position. Patricia Little, executive vice-president and chief financial officer of Kelly Services (KELYA) previously served as the top internal audit executive for Ford Motor (F). Kent Harvey, senior vice-president and CFO of PG&E (PCG), previously served as the utility giant's chief risk and audit officer. Former Kraft Foods (KFT) CAE Ralph Nicoletti is now CFO of Alberto-Culver (which Unilever is acquiring).

The Audit-Aware Business

The second important component—the audit-aware board and leadership team—is equally critical. Boards of directors, because of a variety of new regulations, now have a crucial responsibility to understand all the key risks their companies confront. As a result, corporate directors are requesting much more risk-related information and education from their CEOs, CFOs, and CAEs.

Also, the new generation of business managers is much more technologically savvy and information-hungry than their predecessors. With regard to business operations, executives—who have grown more accustomed to data-driven business intelligence analysis and real-time performance management reporting—increasingly need real-time risk information.

The new audit-aware and technologically competent business leader should use any and all of the tools at his or her disposal to find the risks (both loss and opportunity) faster. The growing adoption of enterprise risk management (ERM) programs and centralized governance, along with risk management and compliance (GRC) efforts, illustrates the interest in real-time risk information.

Further, executive leadership should seek out strong, strategically minded business partners to help them demonstrate value and provide confidence to the board of directors and shareholders. Combine this with the post-Sarbanes-Oxley demand for greater individual accountability for risk management by the CEO and board members, and it becomes clear why business leaders can benefit from more information and instruction from CAEs.

The Value of Risk Intelligence

The recent spate of business crises has highlighted a surprising misconception—that risk leads to reward. What has been proven true instead is that risk, improperly managed, leads to loss. Risk simply represents the possibility of a loss or reward. For chief audit executives and organizational leadership, this point marks a crucial distinction and underscores the value of risk intelligence.

The evolution toward a more risk-intelligent business provides the opportunity for CAEs to assume their role as a strategic business partner with the CEO and CFO as well as the audit committee. Those organizations that enable their CAEs to raise the organization's overall risk IQ will position themselves for long-term success.

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE