The role of internal audit in enterprise-wide risk management (ERM)


1 The role of internal audit in enterprise-wide risk management (ERM)
James Glass Director, Business Review and Audit Division

2 Enterprise-wide Risk Management
“A structured, consistent and co-ordinated framework for assessing, responding to and reporting on all risks that affect the achievement of an organisation’s objectives.”

3 Guidance
IIA standards
Position statement on risk based internal auditing
Position statement on embedding risk management
Position statement (draft) on enterprise wide risk management
COSO2 framework

4 COSO draft guidance
[Figure: COSO framework diagram. Labels: Objectives, Identification, Risk Assessment, Response, Controls, Information & Communication, Monitoring, Internal Environment; Strategic, Operations, Reporting, Compliance]

5 COSO Guidance – importance of internal environment

6 Benefits of ERM
Greater likelihood of achieving an organisation’s objectives
Reduction in management time spent fire fighting
Concise/consolidated reporting of disparate risks
Greater management focus on the things that matter
Fewer surprises or crises
Understanding the key risks and their wider implications
More informed risk taking / decision making
Seizing opportunities / competitive advantage

7 Internal audit role in ERM
Core risk-based internal audit roles:
  Giving assurance on the risk management processes
  Giving assurance that risks are correctly classified
  Evaluating risk management processes
  Evaluating reporting of key risks
  Reviewing the management of key risks
Legitimate internal audit roles with safeguards:
  Central co-ordinating point for ERM
  Facilitating management’s response to risk
  Giving advice on identifying and classifying risks
  Facilitating risk workshops
  Monitoring risks across the business
  Operating the ERM framework
  Championing establishment of ERM
  Developing risk management strategy for board approval
  Holistic reporting on risks
Roles internal audit should not undertake:
  Accountability for risk management
  Managing risks on management’s behalf
  Imposing risk management processes
  Taking decisions on risk responses
  Management assurance on risks
  Setting risk appetite

8 Risk based auditing – risk framework / planning
Identify corporate goals, risk appetite & risks to achieving goals
Is overall risk management process adequate & effective for identifying, assessing, managing & reporting on risk?
Report
Facilitate improvement
Yes: Use organisation’s own view of risk as far as possible
No: Use own assessment of risks (temporarily) with management input
Determine scope and priority of individual audit assignments

9 Risk based auditing - assignments
Review business objectives in the area selected for audit against corporate goals
Are risk management processes adequate to identify & manage risks to achieving business objectives and their wider implications?
Where largely OK: Evaluate processes and determine how management gain assurance that the risk management activities are being carried out as intended
Where not OK: Undertake / facilitate risk identification & assessment: inherent risks, risk mitigation, residual risks
Give assurance where OK and facilitate improvement where not

10 Risk based auditing – the environment
[Figure: matrix. Axes: Pace & extent of change to organisation & business model; Degree of risk awareness and risk management capability. Cell text:]
High level of IA risk assessment; focus on improving risk capabilities
Significant reliance on management process; IA assesses major change risk & wider picture
IA undertakes risk assessments & works with management to improve risk management processes
High reliance on management assurance; less need for IA unless changes

11 Conclusion
Be aware of latest guidance
Importance within an organisation of:
  Understanding the language of risk
  Internal environment and culture
  Stakeholder expectations
Need for effective risk based audit approach within the context of ERM

12 Questions

