A solid risk assessment is the foundation of every effective Internal Audit plan—but how it’s done, documented, and aligned with the business can vary dramatically.
In this session, Jonathan Schwartz, VP of Internal Audit and ERM at Compass Inc., will guide participants through his integrated approach to the annual Internal Audit risk assessment and dynamic audit plan, showcasing how a well-designed risk assessment can benefit both Internal Audit and Enterprise Risk Management while aiding enterprise decision-making.
Jonathan’s superpower is making this process approachable and practical for business leaders. Whether he’s engaging with executives or rolling up findings into a board-ready plan, he focuses on clarity, alignment, and actionable insights. What’s more—his methodology works regardless of audit department size, from teams of one to fully built-out functions of 40.
The session will cover how to gather and structure inputs, facilitate stakeholder engagement, document and present results, and translate risk insights into a flexible, high-impact audit plan that evolves throughout the year.
Whether you're a CAE, audit manager, or risk professional, this session offers a real-world blueprint for modernizing and simplifying your approach to risk-based planning.

Learning Objectives:
After attending this session, participants will be able to:
Identify key inputs and data sources used to build an effective Internal Audit risk assessment.

Explain how to structure and facilitate stakeholder conversations to ensure broad risk coverage and buy-in.

Demonstrate how risk assessment results can be translated into a well-documented, actionable audit plan.

Describe how the risk assessment process can be designed to serve both Internal Audit and Enterprise Risk Management needs.

Apply techniques to keep the audit plan flexible and responsive to changing risk conditions throughout the year—regardless of audit team size.