Practice Guide: Auditing Conduct Risk

This Practice Guide is provided as a service to members of The IIA. To learn more about the value of IIA membership, visit our Membership page.

Internal auditors can add value by assessing and reporting on the organization’s conduct risk management.

The internal audit activity can help drive strong internal control risk management frameworks (including conduct risk) that align with stakeholder expectations, supporting boards, audit committees, and executive management in their oversight roles.

After reading this guidance, internal auditors will understand:

• The business significance of conduct risk in an organization’s control environment.
• The key components of conduct risk.
• Key stakeholder (including regulator) concerns and expectations related to conduct risk.
• Internal audit’s role in assessing and reporting on organizational culture and management of conduct risk.
• An approach to assess and report on an organization’s culture and management of conduct risk.

Item Number: 10.1329.dl