Tim Leech

In this article by Tim Leech, we dive into the evolving role of internal audit and risk management functions. The 2025 North American Pulse of Internal Audit report has just been released, and it brings forth important observations that are crucial for understanding the current landscape of internal audit and risk management. The question arises over whether organizations should stick with the traditional model of Risk & Controls Enforcement, or should they shift towards providing decision support services that align with mission-critical objectives (MCOs) and risks?

The true purpose of every Chief Risk Officer (CRO) and Chief Audit Executive (CAE) should be to support management and boards in making informed, critical decisions. Unfortunately, this is not always the case today. Risk units and internal audit functions should be instrumental in guiding management and boards in the decision-making process, particularly when it comes to managing risks and uncertainties linked to mission-critical objectives (MCOs).