Internal Audit - Role in Risk Management

Role in Risk Management

Internal auditing professional standards require the function to monitor and evaluate the effectiveness of the organization's risk management processes. Risk management relates to how an organization sets objectives, then identifies, analyzes, and responds to those risks that could potentially impact its ability to realize its objectives.

Under the COSO enterprise risk management (ERM) Framework, risks fall under strategic, operational, financial reporting, and legal/regulatory categories. Management performs risk assessment activities as part of the ordinary course of business in each of these categories. Examples include: strategic planning, marketing planning, capital planning, budgeting, hedging, incentive payout structure, and credit/lending practices. Sarbanes-Oxley regulations also require extensive risk assessment of financial reporting processes. Corporate legal counsel often prepares comprehensive assessments of the current and potential litigation a company faces. Internal auditors may evaluate each of these activities, or focus on the processes used by management to report and monitor the risks identified. For example, internal auditors can advise management regarding the reporting of forward-looking operating measures to the Board, to help identify emerging risks.

In larger organizations, major strategic initiatives are implemented to achieve objectives and drive changes. As a member of senior management, the Chief Audit Executive (CAE) may participate in status updates on these major initiatives. This places the CAE in the position to report on many of the major risks the organization faces to the Audit Committee, or ensure management's reporting is effective for that purpose.

Internal auditors may help companies establish and maintain Enterprise Risk Management processes. Internal auditors also play an important role in helping companies execute a SOX 404 top-down risk assessment. In these latter two areas, internal auditors typically are part of the risk assessment team in an advisory role.
