Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Risk assurance 414
|
FIgURE
35.1 Role of internal audit in ERM Core internal audit roles in regard to ERM Giving assurance on the risk management processes Giving assurance that risks are co rrectly evaluate d Evaluating risk management proc esse s Evaluating the reporting of key risks Reviewing the management of key r isks Facilitating identifi cation & evaluation of r isks Coaching management i n responding to risks Co-ordinating ERM activlties Consolidated reporting on risks Maintaining & developing the ERM framework Championing establishment of ERM Developing RM strategy for board approval Setting the risk appetite Imposing risk management pro cesses Management assurance on risks Taking decisions on risk responses Implementing risk responses on management's behalf Accountability for risk management Legitimate internal audit roles with safeguards Roles internal audit should not undertake soURCe: this diagram is taken from Position Statement: The role of internal audit in enterprise-wide risk management, reproduced with the permission of the Institute of Internal auditors – UK and Ireland. For the full statement visit www.iia.org.uk. Risk assurance 414 place. The risk register will often record current controls and make recommendations for the implementation of additional controls. The core work of the internal auditor starts at this point. Having identified the criti- cally important controls, the auditor will need to check that they are implemented in practice and that they are correct and effective. The outcome of testing of controls is to ensure that the intended level of risk is actually achieved in practice. In other words, the control actually moves the level of risk from the inherent level to the intended current level in the way that was planned and often assumed. If the control is not effective and efficient, it will need to be modified. This is another area where risk management and internal audit share expertise. Although these discussions on controls can be facilitated by risk management and internal audit, the ultimate decisions on the controls and their anticipated effectiveness have to be made by the members of line management who are responsible for the controls. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|