3.4 Integrated Risk in Internal Audit: Keep it simple… Be realistic… Make it happen!
A session intended to facilitate auditors develop their skills towards risk integration in the audit function; and in turn, help auditees to build capacity and manage risk part of their day-to-day operations.
It is a presentation that resonates with the reality of the Public Sector, particularly in the healthcare system. Public services are currently undergoing through a massive transformation in pursue of efficiencies and sustainability. Healthcare has been defined as a Complex Adaptive System: there are many components in place, in a way that they can change and evolve; however, not independent but interconnected and interacting among themselves. Integrating risk into that reality requires to keep it simple – a simplified approach for people operating different areas that do not speak and breath risk in their day-to-day working; although ultimately responsible for their outcomes.
Like many other activities in the public sector, these organizations look at operational performance improvement; however, at the time of analyzing their under-performance, the tendency is to stop after looking at the root causes and jumping into action plans, which in many cases, lack the necessary sustainability: activities that would be ultimately embedded into the organization’s operations in a continuous, proactive and systematic process.
In order to succeed in this field, it is required to be realistic in terms of the resources and ability the organization counts on to make the change; and define items within the recommendations and plans that are actionable and controllable by their business to make it happen.
In the context of the Public Sector, where there is an avid desire to improve performance; managing risk in an integrated fashion should help improve performance… not the other way around.
Risk turns out to be a frequent topic within any given discussion in the Public Sector; however, it is my impression that there is an urgent need for building capacity in first place within this sector.
It is my belief that internal auditors could be the enablers of a common understanding of risk in order to bring solid support to those discussions, and in turn, obtain the effect they were always intended to produce by partnering with the business through the audit engagement.