Recommended Guidance
Risk management activities and initiatives are required and expected by regulators, rating agencies, and stakeholders in major industries around the world. However, risk management is driven by more than regulations and external forces; organizations of any type and size could benefit from implementing a risk management process to help increase entity value, achieve operational and strategic objectives, and safeguard stakeholders.
This guide will aid the internal audit activity in developing approaches to review and assess the effectiveness of an organization’s risk management processes and strategies, regardless of the activity’s size, maturity level, or resource level.
It also discusses how internal audit may influence the positive side of risk, providing insights to senior management and the board on how organizations can discover and embrace potential missed opportunities.
This guidance will enable internal auditors to:
- Understand the need to perform audit engagements of risk management activities.
- Understand the key components of an effective risk management process.
- Develop an approach taking into account the business environment, the level of maturity, and regulatory environments.
- Collect the necessary information to determine the scope of the audit engagement of risk management activities.
- Evaluate the effectiveness of risk management processes.
- Contribute to the improvement of risk management processes.