The Institute of Internal Auditors (IIA) has called for strict regulatory standards around risk management, pointing to the global financial crisis as evidence of the perils of excessive risk-taking.

The IIA has called for risk management to be removed from the Australian Securities Exchange (ASX) Corporate Governance Council’s optional “if not, why not” regime, and instead elevated to become a mandatory listing rule.

IIA board director Gary Anderson says a string of corporate failures have demonstrated why “core governance functions such as internal audit and risk management assurance are non-negotiable”.

He cited research showing less than 80% of ASX 200 companies have revealed they have an internal audit function.

“Many corporates will not take the high road when the path of least resistance is available,” he said. “It’s time to mandate tougher standards.”

The IIA claims good governance stems from a strong audit committee, robust internal audit function and best practice internal audit professional standards.