S2E8: Beyond GRC – Evolving Internal Audit and Inspector General Effectiveness

In this episode of The Risk Wheelhouse, hosts Sam Jones and Ori Wellington discuss the limitations of traditional governance, risk, and compliance (GRC) approaches to internal audit and inspector general (IG) roles, inspired by John A. Wheeler's insights.

Key Points:

1. Independence as a Myth: Complete independence in internal oversight is impractical since auditors and IGs are often embedded within the organizations they audit, leading to conflicts of interest.

2. GRC's Structural Limitations: Traditional GRC models emphasize compliance and reactive oversight, missing deeper, systemic risks.

3. Integrated Risk Management (IRM): Wheeler advocates shifting towards IRM, a proactive, holistic approach that addresses interconnected risks and vulnerabilities before they escalate.

4. Enhancing Effectiveness: Rather than pursuing unattainable independence, IRM positions internal auditors as strategic risk assessors, improving organizational resilience.

5. External Oversight & Governance: Effective governance structures and external oversight bodies are essential to protect auditors from undue influence.

6. Leadership and Cultural Shift: Successfully implementing IRM requires leaders to foster transparency, accountability, and proactive risk management throughout the organization.

Key Takeaway:

Moving beyond traditional GRC thinking toward IRM empowers oversight roles to proactively manage risks, creating more resilient and accountable organizations.

🎧 Listen Now below or search for The Risk Wheelhouse on Apple Podcasts, Spotify, or Amazon Music.

💬 Join the conversation on LinkedIn or X (Twitter) @WheelhouseAdv.