Recent Challenges In The Industry And How Internal Audit Can Help

The risk landscape for the Financial Services Industry has changed dramatically since the bank failures in March 2023. Watching what happened at Silicon Valley Bank (SVB) and Signature Bank was unfortunate, to say the least, but most disturbing was the speed at which these banks collapsed. Many articles have been written on what went wrong behind the scenes and pointed fingers at many different parties, internally and externally. But in the end, for SVB, it was the tweets & posts by large uninsured depositors pulling their money which fueled a run on the bank. And that, in turn, triggered a bank run at Signature Bank as well.

The power of social media has always been a risk for any company; it can do as much good as bad in a nanosecond. However, the above series of events made social media attacks real for the Finance Industry, highlighting the emergence of this risk on the same level of cyber-attacks, each potentially inflicting irreversible reputational damage.

And there are more risks currently challenging the industry. New emerging technologies such as artificial intelligence (AI), while presenting great potential, come with significant risk if not used responsibly. And based on the current market environment standard risks, like liquidity and credit, have been elevated. As most mid-size banks compete to remain relevant, their development of new products such as digital client offerings and internal transformations, e.g., system upgrades, increases their operational risk as well. And all this impacts reputational and strategic risk. How can Internal audit help address these potential barriers?

 New-age audit departments are driven by a mission to help their organizations overcome challenges; they have a vision to be part of their organization’s success story. They strive to be trusted partners and advisors to assist their company in meeting its strategic objectives. If given a seat at the table, they are wellpositioned to collaborate with their clients to find innovative solutions to manage risk within their institution’s risk appetite. Internal audit (IA) can provide guidance and feedback as subject matter experts in controls and risk mitigation.

Best-class audit groups have reinvented themselves and created agile audit methodologies that work within their respective cultures, helping management to identify and mitigate emerging risks like those noted above. Internal audit departments still have a responsibility to help ensure safety and soundness via their independent assurance work, but most have also implemented “consulting” engagements as a new service. When asked, IA can help their clients over and above their standard assurance reviews because they have the talent, the control expertise, and an enterprise-wide view of the organization. This enables them to identify synergies and chances to improve their client’s current processes to mitigate new risk challenges. This is most often done through agile consulting engagements with the objective of combatting new risks and strengthening an organization for oncoming growth, a strategic goal of every organization.

You may have sensed at this point that the IA profession of the past has changed, and you’re right; internal auditors today are good risk managers focused on the strategic initiatives of the company. They thrive on helping improve things for the future through both their assurance reviews and consulting engagements. They also help address risks in partnership with their company’s risk management function. Both teams work to educate and support the business line managers in their role as 1st line risk managers, responsible for managing their current risks and identifying and mitigating new risks. This coordinated effort to help grow an organization responsibly within an acceptable risk appetite is referred to as the Three Lines of Defense model.

It starts with ownership and accountability of business line management, referred to as the 1st line, that are responsible for managing emerging risks that impact their areas. The risk management function is the 2nd line, which is skilled in risk assessment and can help the 1st line evaluate current and emerging risk. They can also help them develop metrics to monitor those risks. The 3rd line, IA, is the control experts that can give guidance on how to mitigate those risks within the organization’s risk appetite while also giving independent assurance those controls are working as management intended.

Risks in every industry are not just inevitable; they can drive businesses forward if managed correctly. Those organizations that figure out how to mitigate not just the challenging risks noted in this article, but the risks that bring them opportunities and growth are the ones that are well-positioned for success. Leveraging internal audit’s consulting services and a comprehensive Three Lines of Defense model will help them achieve their strategic initiatives and ultimately succeed.