For a smaller, non-public company in the financial services industry, can the Chief Audit Officer also be the Chief Risk Officer? If so, how do they typically navigate around independence requirements? Is this a common practice?

Vice President - Internal Audit and Enterprise Risk Management in Healthcare and Biotech, 5 months ago
I have seen this structure in place at organizations of varying sizes, including publicly traded companies. I think the key is for your Board and senior leadership to be comfortable with the structure and the considerations from an independence perspective. I do think the benefits of having this structure can be meaningful.

To address independence, when we've conducted audits of the risk management function when it also reports up through the CAE, we've typically had the audit team seconded to another leader in the organization for that audit only.  Typically, this has been the General Counsel.  On a few occasions I've also seen organizations out/co-source the audit of risk management, to further ensure independence exists.
VP of Finance in Banking, a month ago

Thank you, Martin. This was very helpful.

Director of Finance, 5 months ago
You can find a helpful delineation of activities in the Internal Audit Institute article "The role of internal auditing in enterprise-wide risk management."
CFO, 5 months ago
I would not recommend combining those roles. First of all, they require different skill sets. Second, there would be the appearance of potential for conflict. Third, one's judgment could be questioned even if one is trying their very best to be objective.
VP of Finance in Travel and Hospitality, 5 months ago
Chief Auditors are taking on the responsibility of Chief Risk Officer in companies large and small. It makes sense to me because the skillsets are very similar. A big caveat is to address this in the audit committee charter (for publicly traded companies). You can wear the two hats (I do in my middle market organization), but you have to be careful with how you manage the independence and objectivity. In short, it's doable and more common than you'd think.