A risk-oriented approach: auditors at a Swiss textile firm demonstrate the value of focusing on risk management

Citation metadata

Author: Hans Beumer
Date: Feb. 2006
From: Internal Auditor (Vol. 63, Issue 1)
Publisher: Institute of Internal Auditors, Inc.
Document Type: Article
Length: 2,074 words


Internal auditing and risk management are often separate, distinct functions in the organization. The two departments frequently have their own individual missions and strive independently toward different goals.

At Saurer Ltd., a worldwide provider of textile machinery and transmission systems, internal auditing and risk management are linked in a way that provides added value and support for the organization (see "Linking Risk Management and Internal Auditing" on page 74). The two groups share the same primary goal: minimizing the risk that company objectives are not achieved. Their cooperative approach demonstrates internal auditing's degree of focus on risk management activities.

Saurer's internal audit department is an integrated risk management and corporate governance function. When conducting audits, the department's key objective is to assess the quality of management's risk management practices within specific operational processes and to provide assurance to the Board of Directors and group management. The auditors devote most of their attention to processes with the highest risk exposures--usually the primary activities in the value chain--to ensure maximum added value. Moreover, the audit department contributes significantly toward Saurer's enterprise risk management (ERM) program.

Internal auditing has optimized its role in Saurer's risk management process without compromising the audit function's independence and objectivity. The department's approach demonstrates how a risk-oriented focus can generate added value for management and the Board of Directors.

COSO ERM

Saurer's internal audit function uses The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Enterprise Risk Management--Integrated Framework as a model for reviewing the quality of internal control and risk management systems. According to COSO, the ERM framework is geared toward achieving several entitywide objectives:

* Alignment of objectives with mission/vision.

* Efficient and effective operations.

* Reliable financial and nonfinancial reporting.

* Compliance with internal procedures and external laws and regulations.

* Safeguarding of assets (this control objective has been added by Saurer's internal audit function in accordance with suggestions by COSO).

Saurer's internal auditors use these categories as a basis for rating the company's risk management environment. The auditors present their ratings in a table within the executive summary of their audit reports (see "Risk Review Scope and Audit Rating" on page 75). Ratings are defined in the department's internal audit manual as follows:

* Adequate. The level and quality of risk management is satisfactory for the processes reviewed. Some areas of the reviewed processes still need minor improvement. The internal processes are controlled in such a way that it is likely the company/department/function objectives will be achieved, without any surprises. The color green on the ratings chart indicates that this process has passed internal auditing's review.

* Inadequate. The level and quality of risk management are insufficient for the processes examined, requiring improvement in several areas. The outcome of certain internal processes is not sufficiently controlled; a likelihood exists that objectives/strategy will not be achieved and that surprises may occur. The color yellow on the ratings chart indicates that processes require attention.

* Significant Weakness. The level and quality of internal controls and risk management are very low for the processes...

Source Citation
Beumer, Hans. "A risk-oriented approach: auditors at a Swiss textile firm demonstrate the value of focusing on risk management." Internal Auditor, vol. 63, no. 1, Feb. 2006, pp. 72+. Accessed 6 Feb. 2023.
  

Gale Document Number: GALE|A142875115