Why Risk & Internal Audit Aren't Focused on What Matters Most
In a recent LinkedIn post, I posed what I believe is one of the most important questions facing the risk management and internal audit professions today. If risk is defined in ISO 31000 as "the effect of uncertainty on objectives," why don't both professions begin with an organization's Mission Critical Objectives? It seems like an obvious place to start. Yet in most organizations, it isn't.
