Many internal audit functions within organisations fail to add practical value that exceeds their costs. Why is this?
Firstly, it is our experience that an internal audit function is hard pressed to demonstrate and deliver value if not underpinned by a robust Enterprise-wide Risk Management (ERM) process. In fact, where there is no ERM process in place, it is our recommendation that internal audit resources should first be applied in establishing an ERM process.