Historically, ERM efforts trace back to compliance with the Sarbanes-Oxley Act, with the implementation of an internal control framework that requires a regular enterprise risk assessment. As a result, it’s not surprising that internal audit departments have become crucial in driving their organization’s ERM efforts.
Does a compliance program need to shift toward a broader ERM one? Not necessarily. Remember that compliance, internal audit, and risk management remain distinct disciplines that need to work together, in a collaborative (if not integrated) fashion, to achieve corporate objectives.