The delivery of sustainable stakeholder value in the [21.sup.st] century requires internal auditors to focus on both value creation (offense) and value preservation (defense). While internal audit's focus on value creation has been increasing recently, many stakeholders still perceive its greatest contribution to be value preservation. Preserving value involves safeguarding against potential risks, thereby enabling the achievement of short-, medium-, and long-term objectives.
The value preservation imperative represents an organization's obligation to demonstrate that it is taking adequate steps to defend against value erosion, reduction, or destruction. Internal audit needs to be mindful of how its organization is fulfilling this obligation. By viewing risk through the lens of corporate defense, auditors have an alternative way to think about managing risks and protecting value.
The Defense Program
Corporate defense is synonymous with value preservation. A corporate defense program represents an organization's collective program for self-defense. A comprehensive corporate defense program requires a multidisciplinary approach that involves aligning, coordinating, and integrating eight distinct disciplines: governance, risk, compliance, intelligence, security, resilience, controls, and assurance (see "The Elements of Corporate Defense" on page 21).
As internal audit develops its risk assessments and audit plans, it should evaluate each of these components to determine whether they are incorporated into the organization's corporate defense framework and to assess whether they are being managed appropriately. Auditors need to fully appreciate the positive contribution each of these components makes both individually and collectively. Effective corporate defense requires a clear understanding of the continuous interaction, interconnections, and critical interdependencies that exist among these components. These complimentary disciplines continuously impact one another in today's complex organizations. In fact, the symbiotic nature of their relationships means that each contributes to, and receives from, each of the other components.
As organizations have developed these unique functions and disciplines, the boundaries between these components have become blurred. Therefore, it is difficult to determine where one component ends and another begins. Each component provides a different but essential perspective on dealing with risks. For example...