Nearly a third of heads of internal audit believe that their organisation's non-executive directors fail to scrutinise risk management adequately. New research by the IIA not only highlighted this concern, stated by 32 per cent of heads of internal audit, but also uncovered further worries that non-executive directors' analysis of risk is too narrow, too many lack the independence to challenge the executive team and most companies leave risk review entirely to the audit committee, meaning that other non-executive directors have no influence on crucial issues.
The research also highlighted two barriers that prevent non-executive directors gaining a proper understanding of their organisation's risks. Most have access only to limited information about vital company issues and too little exposure to views other than those of the executive. This in turn limits their understanding of operational risks such as health and safety and supply chain problems.
“Boards' scrutiny of risk management still needs to become more robust,” said Ian Peters, chief executive of the IIA. “Although our survey shows that the importance and quality of non-executive directors has improved over the past five years, it is clear that they still need to become much more questioning and hands-on in their approach to risk management if they are to meet the needs of the company and the expectations of investors.”
A full summary and details of the research can be downloaded from the IIA website.