Sometimes we tend to ignore "obvious" red flags that something might be wrong in our organizations because we have "people we trust" running the organization. Making a case for internal audit or Fraud Risk assessment is not the easiest of things to engage business/organizational leaders. It is hard to convince a CEO who is focused on building a company why some form of internal regulation is so paramount to his goal, that he should spend a considerable amount of funds to create a credible internal audit/risk unit[1]. Measuring the benefits of efforts spent on marketing, finance and production for companies is easy and quantifiable. But how do you evaluate an internal audit/risk department especially if it is so effective that no major incidences of fraud/misconduct reported due to the fact that employees believe they will be detected.
How can risk professional demonstrate that there is value to be added in an organization by investing in a risk department/internal audit department?
Next I will discuss this in detail and demonstrate how an internal/risk department can add value to an organization. I will also describe ways of evaluating the effectiveness of an risk/internal audit department.
[1] This is used in a very broad meaning and includes internal auditors, risk specialists, investigators, forensic accountants and compliance professionals