Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM).
Business Drivers are typically defined by executive management with guidance from the board of directors. From an internal audit or ERM perspective, though we do not define business drivers, it is vital that we are part of the discussion.
Role of Internal Audit with Business Drivers
1 – Bench-marking Business Drivers: Internal audit can analyze business drivers and ask the question “do they make sense”.
2 – Assessment of Processes and Controls in relation to Business Drivers: Internal Audit can lead the effort to inventory and understand which processes in the company impact business drivers. In fact, this is part of the ERM process we’ll discuss in part 6.
3 – Process and Control Assurance: Once internal Internal Audit has an inventory of controls/processes that impact business drivers we can ensure they are functioning as expected. In addition, we can report and suggest remediation to deviations which should lead to overall business performance (root cause analysis). We’ll also discuss this on in part 6.
How to Inventory Business Drivers for the ERM System
There are a few good sources to identify business drivers – all from executive level management.
1 – Board of Directors: IA Management will probably have the opportunity to interact with the Board of Directors and get a sense of business direction and business objects for the year. There are typically slides and metrics from the various department heads associated with business drivers and objectives. This is a great place to start. Even if you aren’t privy to the meetings, internal audit should be able to access most of the documentation.
2 – Steering Committees: In large companies there are steering committees for almost everything – including ERM and tracking key performance indicators. IA should identify which meetings (and who is in them) may be valuable in understanding and inventory key business drivers for each year. A great place to find out about the various committees is from accounting, finance, and IT department heads.
3 – Relationship with Executive Management: Perhaps the best place to get started is with existing relationships to executive management (you probably are or report to someone in one of these steering committees or who attends board meetings). IA is a relationship department – use them effectively.
In general, my strategy is to gather everything I think might be a business driver then seek buy-in from the executive team. These type of discussions are healthy for both parties and assure that the unit of measurement IA is using is consistent and agreed upon.
Alignment with Internal Audit’s audit plan
From an ERM and business perspective it is vital that Internal Audit align their audit plan with key business drivers. Alignment enhances the value internal audit provides to the business and helps ensure that audit reports are meaningful.
Note: Christian has helped a number of companies implement ERM systems just like this one and is the author of this particular methodology. If you have questions, ideas, or need help shoot him an email.