For many risk, compliance and audit professionals simply posing the question will immediately raise their eyebrows. For them managing risks belongs to their profession as fireworks belong to New Year’s Eve. However, in recent years the understanding of dealing with the uncertain future has changed considerably. In this article I share recent developments with significant implications for internal auditors.

Risk management can and should be implemented according to many experts. They believe it is profoundly unwise not to do so. It saves you from unnecessary pitfalls and above all risk management helps you achieve your goals. How on earth could it be redundant?

Organizational leadership has to do something with risks. This is the underlying principle in the international risk and audit management standards. The internal audit function is supposed to evaluate the effectiveness of the risk management processes and contribute to improving them.

Many people have been assigned roles in the risk management world. Think of those who have been designated as ‘risk owner’ by their Risk Management colleagues. Countless individuals make their living as internal risk managers, risk officers or risk analysts. Not to mention the numerous external risk advisors and software vendors.