The speed of risk, an interesting book by Richard Chambers

September 3, 2019
This year saw the publication of the book "The speed of risk," by Richard Chambers, President and CEO of the global Institute of Internal Auditors (IIA). Until now, I have appreciated Chambers mainly for his short films on Auditchannel, in which he powerfully describes developments in internal audit. You may also be familiar with the video in which he five myths about internal audit is trying to dispel. And very recently, in a similar video, he outlined how you can find out from seven aspects whether you, as an auditor, may be stuck in the age of the dinosaurs. These powerful, somewhat provocative video blogs made me look forward to reading his recently published book.

Incidentally, this book is not available in the Netherlands, so in order to get it I first had to make quite an effort (via the IIA bookstore). Americans are usually a bit more into drama in their marketing than we Dutchmen....and on the site of the IIA bookstore, next to the book, is displayed in large letters: "When seconds count". Once ordered, it took quite a long time before the book landed on my desk in Hilversum, but fortunately the audit profession had not yet collapsed and I could start reading with interest. It soon became apparent that the contents of the book were also worthwhile.

The book bears the subtitle "Lessons learned on the audit trail. Chambers' main aim with this book is to help prepare for the challenges and opportunities facing internal auditors. The most important challenges, as far as he is concerned, are:

  1. The speed at which (new) risks emerge and develop;
  2. Properly assessing organizational culture;
  3. The speed of technological innovation (auditing as well as using it);
  4. Becoming a "trusted advisor" to those we serve.

In one of the first chapters, Chambers spends quite a bit of text distinguishing between the primary, secondary and tertiary stakeholders of internal audit. Many primary stakeholders, members of Audit Committees and Boards of Directors, were surveyed by Chambers. What emerges clearly is that this primary stakeholder group attaches great importance to Assurance. He then excels at typical American enumerations, an example of which I provide.

Five signs that your stakeholders' support is waning:

  1. Management is less cooperative with your risk assessments;
  2. You won't be called anymore;
  3. Business units start creating their own audit(like) functions;
  4. Declining resources for internal audit;
  5. Conducting an external quality review is not your idea.

Because of the new, rapidly emerging and changing risks facing internal auditors, Chambers emphasizes, among other things, that individuals will need to vary their audit assignments, rotate in with the business and be open to training that you might not initially choose. He further urges internal auditors to be a "sponge" for all the information that goes into your organization's business.

When Chambers discusses "the speed of risk" and what to do with it as internal auditors, he discusses primarily the method of risk analysis for the audit calendar. As far as he is concerned, it is no longer enough to update the risk analysis once a year. More frequent, structured monitoring of risks is needed. In addition, it is important to continue doing the less formal "risk assessment by walking around. Finally, a "bird's-eye view" from the audit team adds much; this involves "high over" analysis of developments (industry, economic, seminar, professional, and other external sources). The combination of these three things will help keep the risk analysis (and thus the audit calendar) current.

The elements I have described so far are just a preview of Chambers' recent book. Hopefully this sneak preview will still prompt you to order and read the book. I am sure you will also think several times, as I did myself, "What an open door!" Still, I am of the opinion that Chambers touches on the most current developments of our audit profession and gives pithy pointers on how to deal with them. In any case, the way the book is structured (with lists and rows) provides you with excellent material for an enjoyable and relevant dialogue with your environment. I wish you much reading pleasure and, if you wish, I would be happy to talk further with you about its contents!

Sander van Oosten

Back to Current