We believe this industry is about to change
Welcome to Internal Audit Next. A site started by Internal Audit, Risk, Compliance, and SOX leaders with the intent of sharing new ideas to plot the future of what this industry can, and SHOULD, be.
Raising the Bar
The time is now for us to recognize and embrace the important role that GRC functions can play in helping companies succeed. We believe strongly that arguing over "assurance" versus "advisory" is missing the point. Specifically, we hold the following tenants to be our guiding principles:
Internal Audit, Risk, and Compliance functions are in a unique position to add real value to their organizations while also assuring that the risk of fraud, errors, and/or strategic mistakes will make companies stronger and more resilient.
GRC functions have fallen into "check the box" habits that add little value and do not assure anything.
Risk has a vital role to play in all areas of a business or organization. And, for risk assessment and management to be effective, front line individual contributors, managers, and leaders need to understand and adopt sound risk management principles and activities. Today's business leaders are far behind in understanding risk and using it effectively to guide decision making.
GRC functions, need to start recruiting people who understand the business areas that they support. While our functions will always rely on "generalists" we need to understand how the people, processes, and technology support the core business objective.
AI (more specifically LLMs) represents an opportunity for major change in the GRC space and we need to understand and embrace what that means. This includes the tools available to us to do our jobs as well as our ability to make sure that our business stakeholders are not placing our companies and organization in jeopardy by using AI tools.
This is our position. And we believe anybody in our space who is telling you otherwise is probably trying to sell you something.