For Effective Risk Management, Build Relationships (article)

For Effective Risk Management, Build Relationships (article)

CBIZ provides internal audit outsourcing.

The nature of internal audit makes the relationship between Chief Audit Executives and their companies a challenge. Internal auditors perform reviews and audit activities and then report administratively to the same people they were reviewing for the audit.

On top of reporting duties, the Chief Audit Executive must also communicate what changes need to be made to address the findings in the report. An effective internal audit function allows the organization the opportunity to address key areas of risk or deficiency before they negatively impact the organization. Control gaps identified through the internal audit that aren’t considered by management open your organization up to additional risk. Chief Audit Executives who can manage relationships with audit committee chairmen, audit committees and management will provide the highest level of risk oversight for their organizations.

Audit Committee Chairman

The audit committee chairman is the internal auditor’s advocate. If there is a discrepancy with management about findings from the internal audit report, the audit committee chairman will be the one who helps the Chief Audit Executive resolve the issue.

Chief Audit Executives should be sensitive to how and what they communicate to their audit committee chairman to ensure the relationship stays positive. If the Chief Audit Executive constantly complains about management, that could be damaging to their credibility. The audit committee chair may not properly consider the severity of significant issues, because they consistently receive management-related complaints.

Conversations between the Chief Audit Executive and the audit committee chairman should instead focus on how the internal audit function can make the audit committee chairman more effective in their role and how both parties can work together to do what’s best for the success of the function and the future of the organization.

Audit Committee

It is not the audit committee’s job to defend or protect the internal audit function, but the committee is responsible for providing the resources and infrastructure for the function to become successful. To take the internal audit findings from a report to actionable items requires dialogue. The Chief Audit Executive helps the audit committee understand the risks of the business and discuss risk management solutions. In turn, the audit committee can provide feedback on the audit and risk management plans and together the Chief Audit Executive, the audit committee and management may come up with a risk management plan that would both be feasible and effective. If the Chief Audit Executive fails to have a good relationship with the audit committee, the dialogue on the audit and risk management plan may not be as effective.


One of the most difficult relationships to manage is the one between the Chief Audit Executive and management. While maintaining a collaborative work environment is important, it is the responsibility of the Chief Audit Executive to objectively provide management with recommendations on how best to control the risk to their organizations.

Chief Audit Executives should encourage management to do the right thing for the right reasons, rather than force or threaten them to make changes based on the internal audit findings. Credibility within the relationship is also essential; both parties need to trust that the other is acting in accordance with regulations and for the best interest of the company.

The relationship may be helped by emphasizing what changes would be best for the organization and how the internal audit function and management can work together to create a better organization.

Relationship Building Takes Practice

Unlike the technical components of the internal audit function, relationship building is not a skill learned in coursework or in continuing education. It takes practice, real world experience and some creative problem solving to master. In all of their dealings, Chief Audit Executives should focus on driving their audits to be a risk management tool and working together with the audit committee chairman, the audit committee and management to meet the organization’s strategic goals.

For more information on how you can improve the internal audit function of your organization, please contact us.

Related Reading

Copyright © 2017, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).

For Effective Risk Management, Build Relationships (article)Internal auditors and their relationship with their employers is difficult by nature, but it shouldn't be an obstacle to risk management....2017-06-14T18:28:00-05:00

Internal auditors and their relationship with their employers is difficult by nature, but it shouldn't be an obstacle to risk management.