Enterprise risk management and the internal auditor's role are top priority issues for the Institute of Internal Auditors newly-appointed president, Terry Cunnington. On the contentious issue of who takes responsibility for risk management, Cunnington believes that internal auditors can have the role of monitoring risk management, central coordination and reporting to board level, provided they do not take accountability for risk management away from management, and do not impose processes, retaining their independence. He stresses the need for close liaison between risk management and the internal audit department, with staff potentially seconded and shared systems and data, and suggests that the risk manager's and internal auditor's roles can be complementary rather than conflicting if managed properly.
Cunnington admits that there will inevitably be territorial concerns as independent auditors move into the risk arena. However, he told StrategicRISK that the bottom line is what is going to work best for the organisation. With current pressure on costs, companies will be scrutinising their spend on risk management and internal audit. "Risk managers and internal auditors need to be aware of this and proactively address it."