(Practice Guide) Assessing the Adequacy of Risk Management Using ISO 31000 - Download PDF

  • Item No. : 1079.dl
  • Publisher : The Institute of Internal Auditors
  • Publish Date : December 2010
  • Authors : Andrew MacLeod, CIA
    Patricia A. MacDonald
    Benito Ybarra, CIA
    Trygve Sorlie, CIA, CCSA
    Brian Foster, CIA
    Teis Stokka, CIA
  • Media : Download
  • Page count : 17
  • Member Price : $0.00
  • Non-Member Price : $24.99


This Practice Guide is provided as a service to members of The IIA.



Practice Guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as tools and techniques, programs, and step-by-step approaches, as well as examples of deliverables. Practice Guides are part of The IIA's International Professional Practices Framework (IPPF). Because they fall within the Strongly Recommended category of guidance, compliance is not mandatory, but it is strongly recommended, and the guidance is endorsed by The IIA through a formal review and approval process.

The IIA has released a new practice guide titled “Assessing the Adequacy of Risk Management Using ISO 31000.” The use of enterprisewide risk management frameworks has expanded as organizations recognize the advantages of coordinated approaches to risk management. The risk management framework must be designed to suit the organization, including its internal and external environment.


This guide details three approaches to assurance of the risk management process: a Process Elements approach; an approach based on Principles of Risk Management; and a Maturity Model approach. The assurance process that is used should be tailored to the organization’s needs. Internal auditors should have a means of measuring the effectiveness of risk management in an organization and forming a conclusion on the organization’s level of risk management maturity. One of the key criteria that internal auditors should consider is whether there is a suitable framework in place to advance a corporate and systematic approach to risk management.


This practice guide uses ISO 31000 as a basis for the risk management framework. Other frameworks may be used to perform the risk assessment. This guidance does not imply implicit or explicit endorsement of this or any other framework.