Internal auditors are one of the controls to identify and manage risk. But are they the first line?
“CFOs Rally Their Risk Busters,” The Wall Street Journal, June 23, 2015 B6. Tight market for internal auditors.
Agree that internal auditors are used to identify where corporate control systems might need fixes. But can they also identify where rules and processes are not being followed? Isn’t such a check a necessary (but not sufficient) step to achieving compliance with law and with company policy? Is this uniquely a CFO concern?