New Risk Certification DebutsIIA Launches Risk Management Assurance
"The genesis of this certification has essentially come from the evolving role of internal auditing in the risk management process within an organization," says Cyndi Plamondon, vice president of certifications at the IIA.
With this approach, the auditor must first understand the company's mission/vision, strategies, objectives, products, services and high profit areas. Then the auditor must identify and analyze the risks (risk assessment) to the business. The auditor also determines whether controls are in place (or test of design) and whether such controls are effectively working as designed to address key business risks.
"The risk focus helps position internal audit at the table with other C-level executives," Plamondon says.
The CRMA is designed for internal auditors and others interested in risk management assurance. The credential enables internal auditors to:
- Provide assurance on core business processes in risk management and governance;
- Educate management and the audit committee on risk assessment and management concepts;
- Analyze and quantify risk factors in new business ventures and strategies;
- Provide assurance to management that risks are correctly evaluated; and
- Focus on strategic organizational risks.
Heightened AwarenessDenny Beran, senior vice president of audit for J.C. Penney, a retail chain of department stores, is already an applicant for the CRMA. "The CRMA certification will give us a heightened awareness of our responsibility in not just evaluating operational or compliance risks, but understanding strategic risks to the business," Beran says.
For Karine Wegrzynowicz, chief audit executive for Crocs, an international retailer and manufacturer of footwear, the reason to take up this certification is to evolve with the profession and become more risk focused, as opposed to using the checklist and controls approach. "This credibility will help internal audit demonstrate their understanding for assessing both current and emerging risks to the business."
She further says that as head of audit for a multinational company, for example, supporting a management decision about whether to expand a product line in a particular country will need focus beyond controls and a traditional audit approach. Today, she will need to understand the business aspect and risks of introducing this product, as well as the risk management framework and how that is influenced by new technologies and regulations in these regions.
"For my position to be valuable, I need to first understand the key risks to the business and then assess how we can implement controls and processes to mitigate those."
Meeting the NeedFinancial scandals, new legislation, technological advancement and economic fluctuations are all factors pushing the involvement of internal audit into risk management within organizations.
In addition, demands from the board, executive management and regulators have triggered a shift in the focus of internal auditing beyond regulatory compliance issues to major strategic, regulatory, financial and operational risks that confront an organization.
The role of internal audit in risk management provides assurance to stakeholders that its risks are appropriately managed and mitigated, says Beran. "Our involvement provides comfort level to senior management that we are mindful of the risks and know how to develop appropriate ways of assessing, controlling and mitigating these risks."
As a senior manager in the public accounting firm of Crowe Horwath, Steve Hunt finds that his clients are looking for additional guidance on risk management and governance best practices and assistance with their implementation and assurance.
"Many times I see cases where clients are over-controlled on some risks and under-controlled on others," he says. "Having the CRMA designation will help auditors not only tell clients if their internal controls are working or not, they can also help them understand the enterprise-wide risk framework and how controls are managed across the company."
According to Plamondon a big benefit is raising the awareness levels of the role of internal audit within a company. "Auditors play a vital role in delivering increased value to the organizations in terms of cost savings and covering all the risks that matter."
Countdown to ExamsThe first CRMA exams will be held in June 2013. However, applications are currently open for a limited time through CRMA's professional experience recognition program, which selects qualified candidates based on their education, work experience and risk management exposure to obtain the certification before the exam is offered in June 2013.
This certification is available globally across 65 countries, and so far more than 200 applicants have applied for the certification program.
"The IIA is bringing the profession to a matured risk domain, and if professionals get this proficiency, they will be able to understand the risk side far better," Wegrzynowicz says.