Unlock the potential: by spearheading a companywide knowledge-sharing effort, internal auditors can secure the organization's understanding of business risks and increase awareness of control strategies.

GATHERING KNOWLEDGE AND INFORMATION ABOUT the nature of business risks that face the organization, how those risks are managed, and to what extent they impact the organization's business processes and strategic goals is an inherent competency for most internal audit functions. In addition, internal auditors are uniquely positioned to share that information throughout the organization and thereby greatly increase the company's ability to manage its risks effectively. In many of today's best-in-class businesses, where sharing risk and control knowledge is widely known to be an effective risk management strategy, internal auditors are, in a sense, leading a knowledge-sharing movement, one that is directly tied to the concept and practice of enterprise risk management (ERM).

Effective knowledge management is crucial to ERM, which is predicated on the understanding that business processes, risks, and controls across the organization are interrelated. Identifying root causes of business risks is part of the foundatio n of ERM because targeting specific root causes helps the organization use its risk management resources more efficiently. For example, if a company with 10 significant risks has three that, when correctly managed, will positively impact the other seven, it makes sense to apply risk management resources primarily to those three risks. However, this interconnectedness of risks across the organization can only be identified and managed, and ERM can only emerge, when the organization begins to share risk and control knowledge systematically across its functions and departments.

RISK MANAGEMENT RESPONSIBILITY

Whose job is risk management? The short answer is: Everyone in the business. Because each individual in the company takes part in the organization's business activities, each individual takes risks. Whether or not these risks are actually addressed, however, depends on each employee's familiarity with the potential exposures associated with his or her job and the resources available to mitigate those exposures.

Effective knowledge-sharing allows every one of the organization's employees, from staff level to leadership, to engage in risk management by organizing, categorizing, and monitoring risks as they relate to each business process. Knowledge-sharing across functions also enables employees to develop a big-picture view of the company and identify the enterprisewide risks that span the organization, as well as the interrelationships of those risks.