by Jason Rohlf – August 25, 2010

Greetings faithful readers! I’m writing to you from the beautiful Breakers Hotel in West Palm Beach, Florida, site of the Institute of Internal Auditors’ 2010 GRC Conference. As is often the case with my blogs, here’s a little history lesson: The hotel was originally built in 1896 by Standard Oil Company magnate Henry Flagler. After the hotel burned down in 1903, it was rebuilt and reopened in 1904, when rooms were going for $4 per night, including three meals. Um, let’s just say the times (and prices) have changed a bit, but much of the hotel’s rich heritage has been lovingly maintained and is prominently featured throughout the resort.

I consider myself fortunate on two fronts: being able to have such fine accommodations and having the opportunity to attend a conference with a fine professional organization like the IIA. I’ve been an IIA member for some time now and have faithfully read their publications, attended and taught at seminars and leveraged the knowledge they provide with their members in the spirit of their motto “Progress through Sharing”. Today my boss, the legendary David Walter, left me a voicemail asking me if I was on the beach, having a massage or enjoying a leisurely breakfast. I know what you’re thinking – how dare I ignore my boss’s call!  Well I was too wrapped up in the excellent presentation being given by James D. Ratley, President of the Association of Certified Fraud Examiners, to take David’s call. When we finally connected, I joked that I had actually been receiving a massage on the beach while eating breakfast and therefore couldn’t take his call. All joking aside, he wanted to see how things were going and, more importantly, just how “geeked out” I was by the conference.

I understand that the term/acronym “GRC” is viewed by many as a buzzword or a marketing tool, but based on the sessions I’ve participated in and the conversations I’ve had, GRC is nothing of the sort. It’s a collection of closely interrelated processes, initiatives, challenges and opportunities that are prominent in the minds of the internal audit community. I am very pleased to see the IIA assemble such a strong curriculum focused on governance, risk and compliance, with tracks assembled to address:

• Internal Audit’s role in risk management
• Fraud
• Regulatory, legislative and compliance concepts, and
• Governance insights

I don’t know about you, but this tells me that GRC is not just a concept, but something that’s been woven into the fabric of what the internal audit profession strives to represent. I have attended many of these sessions and each one has been packed with excellent information from very knowledgeable presenters and with equally poignant questions and insights from the attendees. I’ve also been very pleased to see that internal auditors are not only keenly aware of their need to expand their risk focus beyond traditional financial compliance controls, but they also understand that leveraging technology to support continuous auditing and monitoring activities is widely viewed as a critical future competency of an effective audit practice. If nothing else, the conference has helped validate the research we’ve been performing and the conclusions we’ve reached about the challenges the profession faces and the opportunities it has to elevate its stature within the organizations it serves.

So to answer David’s question – I am extremely geeked out by this conference, and I’m even more geeked out by the way the internal audit profession is embracing the challenge of being a trusted business advisor and essential enablers of effective GRC programs.