Internal Audit Office realigns to strengthen risk and resilience capabilities

As part of ongoing efforts to strengthen Purdue’s risk management and operational resilience capabilities, the university has initiated a realignment within its internal audit function.

The operational resilience program, which incorporates the university’s International Organization for Standardization (ISO) program and business continuity management initiative, will move under the internal audit department and expand its scope across the university. This move, which was discussed with and approved by the Audit Committee and the Board of Trustees, is designed to capitalize on the synergies between internal audit, enterprise risk management (ERM) and the operational resilience team.

With this move, the Internal Audit Office will be renamed the Office of Audit, Enterprise Risk and Operational Resilience.

The restructured department will enhance cross-functional collaboration, improve visibility into emerging risks and deliver greater strategic value to the organization. This strategic alignment also offers a competitive advantage, as ISO certification is increasingly a prerequisite for securing industry partnerships. By expanding the ISO program, the university positions itself as a preferred and trusted partner.

ISO certification opens new revenue opportunities through partnerships and industry projects while benefiting students directly. BCM ensures continuity of critical operations during disruptions through proactive planning and response strategies.

The restructured office will consist of three pillars: internal audit, enterprise risk management and operational resilience:

• Internal audit serves as a resource to examine and evaluate university activities in service to the Board of Trustees. Its purpose is to use a systematic, disciplined approach to assess whether the university’s control, risk management and governance processes are adequate and functioning as designed. The department will accomplish this goal through audits, advisory and consulting services designed to add value to the university’s operations and control environment. 

• Enterprise risk management is an ongoing process aimed at identifying, assessing, mitigating, monitoring and communicating key risks to advance Purdue’s mission and strategic goals. Mature processes implemented through the ERM program help minimize the impact of risk events on the organization, contributing to enhanced resilience and organizational preparedness.

• The university’s operational resilience program integrates two key components: the International Organization for Standardization program and the business continuity management initiative. Together, they form the foundation for ensuring the university’s ability to anticipate, respond to and recover from operational disruptions, while meeting growing expectations from industry stakeholders. These programs will be executed using existing resources without additional headcount, at least initially, as the scope expands enterprise wide.