ERM Leadership and Governance

Internal Audit’s Role in Risk Management

Michael Somich, Executive Director of Internal Audit at Duke University, discusses with Dr. Mark Beasley his views about the role internal audit should play within an organization’s ERM process. He shares insights from his experiences of leading the launch of the ERM initiative at Duke University while also serving as the general audit executive.

Key Points:

  1. Internal Audit’s Role at Duke University:

    • The internal audit function facilitates risk management efforts at Duke University.
    • The audit committee, as per its charter, owns the risk management process, with Somich aiding in defining and presenting strategic risks to senior leadership and operational leaders.

  2. Impact of Risk Oversight on Internal Audit:

    • Duke’s audit plans are now directly informed by the university’s risk profile.
    • By 2011, comprehensive risk management processes were completed, enabling the 2012 audit plan to be fully based on management’s risk assessments, covering operational, financial, and strategic risks.

  3. Advice to Internal Audit Professionals:

    • Somich encourages internal auditors to embrace leadership and facilitation roles in risk oversight.
    • He highlights the interconnection of risk, compliance, and controls as essential to creating value and effectiveness in the audit function.

  4. Closing Remarks:

    • Beasley directs the audience to the ERM Initiative website for additional resources related to boards and audit committees.
    • Somich emphasizes the value of internal audit’s expanded role in risk management.

This discussion underscores the evolving function of internal audit as a strategic partner in enterprise risk management.

Original Article Source: “Transcript of Interview with Mike Somich on Internal Audit’s Role in Risk Management”, Mike Somich and Mark Beasley, October 2012