Assessing Risk - Start by seeing the business like investors view it
Frequently internal auditors are looking for the analytics that will better enable them to identify areas of risk. All too often, however, auditors focus too much effort on information found on financial statements and focus their risk discussions with Finance personnel. While certainly important, financial statement data does not tell the whole story. In fact, some of the financial statement data they think is important may actually be of little value in understanding what drives the behavior of business leaders. Internal auditors can spend a lot of time talking about all sorts of risks, which are certainly worth discussing, but without keeping the view in mind, internal auditors are missing important insights. The following are some recent analyst comments about the performance of a large public company:- The company is on a growth trajectory, gathering momentum from its positive earnings surprise history and strong fundamentals. It posted positive earnings surprises in three of the last four quarters, with an average positive surprise of 2.86%
- Its top line and bottom line not only came ahead of the respective Zacks Consensus Estimate, but also marked solid year-over-year improvement
- ...[T]he company issued an encouraging fourth-quarter 2016 guidance
- The stock’s long-term earnings per share growth rate is 7.4%
- The company has always had a good amount of debt on its balance sheet.
- Liquidity is low, since cash and liquid assets are just a fraction of its total assets. We think that the company has limited financial flexibility because of its high debt burden, and further increases in debt could make investment in the shares risky.
Comments like those above are great sources to begin to understand the psyche of the business. Internal auditors then can start ask the following questions:
- How does the business measure performance?
- How do investors measure performance?
- How do these measure drive behavior and introduce risk?
As internal auditors get a view into they metrics and other KPIs, they can then now have a list of key risk indicators (KRIs) that are the basis of very basic yet powerful analytics.
