We've suggested that in the overall GRC equation, the R (risk management) and G (governance) are taking precedent over the C (compliance), which at many companies was the original impetus for more far-reaching GRC programs. The recent financial crisis and recession certainly has highlighted the need for better risk management practices and provided a glimpse of just how high the stakes can be.

A new study by Protiviti--its fifth version of its Internal Audit Capabilities and Needs Survey--has concluded that as risk management becomes a higher priority for board members and executives, it is vital for internal auditors "to increase their focus in this area, particularly the identification of potential future risks as well as risks tied to the business strategy."

Unfortunately, as risk management consumes more of internal auditors' time, internal audit professionals still don't feel prepared to meet the demands triggered by the spate of new regulation. Understanding "emerging risks" was ranked by survey respondents as the top "Need to Improve" item in the area of risk management and governance process, followed closely by "evaluating and changing risk appetite levels."

Other findings of the survey include: the move to IFRS remains a concern, detection of fraud remains a top priority, as does building skills in technology-assisted auditing.

For more:
- here's the press release

Related Articles:
The chief audit executive as a strategic executive
Ten signs your internal audit is in trouble
To whom should your internal auditor report?