Skip to Content

Board Member Resource Exchange

Board Member Resource Exchange

The resources on this page provide a wealth of information for board and audit committee members responsible for oversight of management reporting on internal controls. Because internal audit plays a key role in assessing and reporting on risk management and internal controls, the board, audit committee, and internal audit share a healthy interdependence.


OnRisk 2022: A Guide to Understanding, Aligning, and Optimizing Risk

OnRisk-2022-186x186.pngFor organizations to effectively operate in today’s unprecedented, crisis-ridden world, key risk management players must know and understand the risks, and effectively carry out their roles to stay on top of them. It is therefore critical that all parties be aligned on what matters most. While several reports offer perspectives from one or more key players involved in the risk management process, there has never been a single report that captured the perspectives of all the key players in one place… until OnRisk.

Internal Audit’s Role in ESG Reporting: Independent assurance is critical to effective sustainability reporting

Internal-Audit-Role-in-ESG-Reporting.pngIt is clear that strong governance over environmental, social, and governance (ESG) issues — as with effective governance overall — requires alignment among the organization’s principal players. As with any risk area, internal audit should be well-positioned to support the governing body and management with objective assurance, insights, and advice on ESG matters. This paper provides an overview of risks related to ESG reporting, along with context on the growing sustainability movement. It also outlines how internal audit can support ESG objectives and add value.

English     Thai

An IIA & EY Report: “The Risky Six: Key questions to expose gaps in board understanding of organizational cyber resiliency

GKB-The-Risky-Six.pngPractitioners and researchers from The IIA and EY conducted extensive analysis to determine the root cause of how and why boards within all industries get a skewed picture of their organizations’ ability to protect themselves from cyber-related risks with the requisite resiliency. The team identified six key questions that if unanswered likely mean a disconnect exists.