Position Statement
The Institute of Internal Auditors – UK and Ireland

The Role of Internal Audit in Risk Management

Introduction

The revised definition of internal auditing sets out two clear roles for internal auditors as providers of both assurance and consulting
services. What is key to the achievement of these two roles is the need to maintain clear independence and objectivity. Internal auditors
should not ‘hide behind’ independence, but at the same time they need to be aware of the role that they are playing at any point in time.

The increasing emphasis that organisations are placing on risk management has given rise to questions from internal auditors about the
role that it may be appropriate for them to play within their organisation’s risk management process.

As with many issues facing internal auditors in the current climate, there is no ‘right’ answer to this question. Internal auditors must
review the guidance given below in the context of the risk management process within their own organisation and the extent to which
they believe they can add value to this risk process and hence to their organisation as a whole.



Risk management

The responsibility for risk management within an organisation clearly lies with the board (or equivalent) who should be responsible for
setting the strategy, and senior management who should be responsible for implementing the strategy. However, it is also clear that
everyone within an organisation bears some risk management responsibility. This responsibility and accountability is clearly set out in the
Turnbull guidance and other similar pronouncements for non-listed organisations.

In order to successfully achieve the organisational business objectives, management should ensure that sound and effective risk
management processes exist and that they are functioning as intended. Boards and audit committees have an oversight role to determine
that risk management is functioning effectively within the organisation.


The role of internal audit in the risk management process

The role of internal audit within risk management cannot, and should not, be prescribed. The role within one organisation may change
over time and the role from one organisation to another is likely to be very different.

Primary responsibility for risk management lies with line management. Internal audit’s involvement should stop short of responsibility and
accountability for risk management across the organisation and of managing risks on management’s behalf. However, in order to add
value, it is often beneficial for internal audit to give proactive advice or to coach management on embedding risk management processes
into business activities.




In practice, internal audit’s role may well fall across the following continuum:


   From: Focusing the internal audit work on the significant risks facing the organisation, as identified by management, and auditing
   the risk management processes across the organisation, including providing assurance on the management of risk

   To: Providing active support and involvement in the risk management process, such as participation on oversight committees,
   monitoring activities and status reporting

   To: Training and educating line staff in risk management and internal control and facilitating risk identification and
   assessment workshops

   To: Co-ordinating risk reporting to the board, the audit committee and the risk committee.



The above list is not exhaustive, nor is the IIA-UK and Ireland saying that internal audit will play only one of the roles outlined above. Each
internal auditor must determine the most appropriate role for their organisation and supply the required services.

However, when determining the most appropriate role to play, internal auditors should pay heed to the professional requirements for
independence and objectivity and should ensure that these are not breached. They must also be certain that they have the necessary
knowledge and skills to play the role that they adopt within the risk management process.

Although it is not the role of internal audit to identify the risks facing the organisation, where additional risks are identified by internal audit
during their work then these should be fed back to management as part of the normal audit reporting process.

Where an organisation does not have a clearly defined risk management process internal audit may have a role to play in supporting the
need to develop a clearly defined process, or in educating senior people within the organisation as to the need for such a change.



The IIA-UK and Ireland would suggest that the following are some ways that internal audit might become involved in risk
management without compromising independence and objectivity:

   Acting as facilitators, enabling and guiding managers and staff through the risk management process, usually as part of a self
   assessment exercise, by organising and leading workshop based discussions, without themselves necessarily becoming directly involved
   in the process.

   Operating as team members who are part of broader based groups, often bringing together staff with first hand knowledge of line
   management issues as well as those with specific technical expertise. In this scenario, they provide the internal auditing expertise within
   such multi-skilled teams.

   Acting as risk and control analysts providing managers with expert advice on the identification and assessment of business risks, and
   the design and construction of control and mitigation strategies.

   Making available to management tools and techniques used by internal audit to analyse risks and controls.

   Becoming a centre of expertise for managing risk.

Where internal audit moves away from its ‘traditional’ role it should make it clear that it is operating in a consultative capacity.

In addition to the above, internal audit is likely to become involved on a regular basis in auditing the risk management process and
its application. In carrying out this task, internal auditors should consider the following:

  The extent to which objectives have been set and communicated at all levels within the organisation, and are supported by consistent
  business strategies, plans and budgets.

  The adequacy of the mechanisms for identifying, analysing and mitigating key business risks arising from both external and internal
  sources.

  The existence of mechanisms for identifying and reacting to both routine and more dramatic changes that could affect the organisation’s
  ability to achieve its objectives.



In this context, it should be noted that an organisational risk management framework should contain the following elements:

  clear, coherent risk strategy, policies and standards;

  forums for risk discussions and communications;

  responsibility for risk, and authority to manage it are clearly defined and assigned to key staff;

  effective two-way communication within the organisation to ensure that policies are widely understood and that the actual situation found
  in the business is reported so that it can be seen how effective these policies are;

  suitable organisational risk programmes and procedures; and

  arrangements for monitoring and reviewing management of risk including continuous learning from experience.

Further reading

If you would like to find out more about the subject of risk management the following publications may be of interest to you:


Publication and Author                                                                                             Publisher

Risk Management: Changing the Internal Auditor’s Paradigm by Georges Selim and David McNamee                       IIA Research Foundation

IIA Professional Briefing Note 13: Managing Risk                                                                   IIA-UK and Ireland

Effective Governance                                                                                               IIA-UK and Ireland

Business Risk Management                                                                                           Gee Publishing

The Complete Guide to Business Risk Management by Kit Sadgrove                                                     Gower

Operational Risk and Resilience: Understanding and minimising operational risk to secure shareholder value by PriceWaterhouseCoopers    Butterworth Heinemann

Risk Management Guide 2001                                                                                         White Pager

It’s a Risky Business                                                                                              CIPFA


You may also find the following websites of interest:

Website Address                                          Title or Organisation

www.iia.org.uk                                           IIA-UK and Ireland

www.theiia.org                                           IIA-Inc

www.gee.co.uk                                            Gee Publishing

www.corpgov.net                                          Corporate Governance Site


About Position Statements
The Institute of Internal Auditors – UK and Ireland is dedicated to representing and promoting the interests of internal auditors. It strives to be at the forefront
of internal auditing development by:
   undertaking a continuous programme of research and independent studies;
   participating in current debates on corporate governance and internal controls;
   contributing to policy making via input into professional guidance such as the Combined Code and the Audit Commission’s Best Value initiative;
   providing expert comment to the business media and at conferences.
Position Statements are part of a range of technical and professional guidance prepared by the Institute for its members. They are designed to clarify the
IIA-UK and Ireland’s official policy position on important and potentially complex matters confronting internal auditors.
For details of other guidance material provided by the Institute please visit our website, www.iia.org.uk or email technical@iia.org.uk




www.iia.org.uk
13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
Telephone 020 7498 0101 Fax 020 7978 2492
Email technical@iia.org.uk

© The Institute of Internal Auditors – UK and Ireland, June 2002

Contenu connexe

Tendances

Expectations of Risk Management Outpacing Capabilities. It's Time For Action
Expectations of Risk Management Outpacing Capabilities.  It's Time For ActionExpectations of Risk Management Outpacing Capabilities.  It's Time For Action
Expectations of Risk Management Outpacing Capabilities. It's Time For Actionmichaelszot
 
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...Article Review: Enterprise Risk Management: Review, Critique, and Research Di...
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...Kevin Koo
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)simonffg
 
A study on the interface between human resource management and risk managemen...
A study on the interface between human resource management and risk managemen...A study on the interface between human resource management and risk managemen...
A study on the interface between human resource management and risk managemen...IJLT EMAS
 
Alcoa endorses The Business Roundtable Principles of Corporate
Alcoa endorses The Business Roundtable Principles of Corporate Alcoa endorses The Business Roundtable Principles of Corporate
Alcoa endorses The Business Roundtable Principles of Corporate finance8
 
Ch03 changing the culture report
Ch03 changing the culture reportCh03 changing the culture report
Ch03 changing the culture reportKrizelle Dinlasan
 
FDE - FERMA report
FDE - FERMA reportFDE - FERMA report
FDE - FERMA reportFERMA
 

Tendances (15)

Expectations of Risk Management Outpacing Capabilities. It's Time For Action
Expectations of Risk Management Outpacing Capabilities.  It's Time For ActionExpectations of Risk Management Outpacing Capabilities.  It's Time For Action
Expectations of Risk Management Outpacing Capabilities. It's Time For Action
 
Risk management
Risk managementRisk management
Risk management
 
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...Article Review: Enterprise Risk Management: Review, Critique, and Research Di...
Article Review: Enterprise Risk Management: Review, Critique, and Research Di...
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)Enterprise Risk Management Workshop (Singapore 2006)
Enterprise Risk Management Workshop (Singapore 2006)
 
A study on the interface between human resource management and risk managemen...
A study on the interface between human resource management and risk managemen...A study on the interface between human resource management and risk managemen...
A study on the interface between human resource management and risk managemen...
 
Alcoa endorses The Business Roundtable Principles of Corporate
Alcoa endorses The Business Roundtable Principles of Corporate Alcoa endorses The Business Roundtable Principles of Corporate
Alcoa endorses The Business Roundtable Principles of Corporate
 
Hrm 7
Hrm 7Hrm 7
Hrm 7
 
Duty of Care and Travel
Duty of Care and TravelDuty of Care and Travel
Duty of Care and Travel
 
Hrm 9
Hrm 9Hrm 9
Hrm 9
 
Ch03 changing the culture report
Ch03 changing the culture reportCh03 changing the culture report
Ch03 changing the culture report
 
Hrm 12
Hrm 12Hrm 12
Hrm 12
 
Riskpro recruitment
Riskpro recruitmentRiskpro recruitment
Riskpro recruitment
 
FDE - FERMA report
FDE - FERMA reportFDE - FERMA report
FDE - FERMA report
 

En vedette

Η πυγολαμπίδα
Η  πυγολαμπίδαΗ  πυγολαμπίδα
Η πυγολαμπίδαavramaki
 
Extorsiunea degajamentelor toxice in cadrul sc amna. srl
Extorsiunea degajamentelor toxice in cadrul sc amna. srlExtorsiunea degajamentelor toxice in cadrul sc amna. srl
Extorsiunea degajamentelor toxice in cadrul sc amna. srlGeo Ripca
 
Experiencia significativa 2015
Experiencia significativa 2015Experiencia significativa 2015
Experiencia significativa 2015daalvale
 
elBoletín de Universidad de FETE. Febrero 2013
elBoletín de Universidad de FETE. Febrero 2013elBoletín de Universidad de FETE. Febrero 2013
elBoletín de Universidad de FETE. Febrero 2013Fete Córdoba
 
Examenesdegeografiasecundaria
ExamenesdegeografiasecundariaExamenesdegeografiasecundaria
ExamenesdegeografiasecundariaJulio Galvan
 
Expansión_AJL Ophthalmic_200215
Expansión_AJL Ophthalmic_200215Expansión_AJL Ophthalmic_200215
Expansión_AJL Ophthalmic_200215María José Mayado
 
El estrés
El estrésEl estrés
El estrésatiega1
 
Safe Access Tennessee - Principles 12012015
Safe Access Tennessee - Principles 12012015Safe Access Tennessee - Principles 12012015
Safe Access Tennessee - Principles 12012015David Hairston, CPA
 
[AIESEC Danang] Application for Best oGIP Award
[AIESEC Danang] Application for Best oGIP Award[AIESEC Danang] Application for Best oGIP Award
[AIESEC Danang] Application for Best oGIP AwardKhanh Dang
 
Presentacion corta
Presentacion cortaPresentacion corta
Presentacion cortamasqsono
 
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...EXARC
 
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele Charismei
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele CharismeiMeet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele Charismei
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele CharismeiIoana Sigarteu
 
Greenspace Heroes: Constitution Lakes
Greenspace Heroes: Constitution LakesGreenspace Heroes: Constitution Lakes
Greenspace Heroes: Constitution LakesPark Pride
 
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...José Manuel Arroyo Quero
 

En vedette (20)

Η πυγολαμπίδα
Η  πυγολαμπίδαΗ  πυγολαμπίδα
Η πυγολαμπίδα
 
Extorsiunea degajamentelor toxice in cadrul sc amna. srl
Extorsiunea degajamentelor toxice in cadrul sc amna. srlExtorsiunea degajamentelor toxice in cadrul sc amna. srl
Extorsiunea degajamentelor toxice in cadrul sc amna. srl
 
Shafiq Sindhu123
Shafiq Sindhu123Shafiq Sindhu123
Shafiq Sindhu123
 
Emprendimiento
EmprendimientoEmprendimiento
Emprendimiento
 
Experiencia significativa 2015
Experiencia significativa 2015Experiencia significativa 2015
Experiencia significativa 2015
 
elBoletín de Universidad de FETE. Febrero 2013
elBoletín de Universidad de FETE. Febrero 2013elBoletín de Universidad de FETE. Febrero 2013
elBoletín de Universidad de FETE. Febrero 2013
 
Examenesdegeografiasecundaria
ExamenesdegeografiasecundariaExamenesdegeografiasecundaria
Examenesdegeografiasecundaria
 
Expansión_AJL Ophthalmic_200215
Expansión_AJL Ophthalmic_200215Expansión_AJL Ophthalmic_200215
Expansión_AJL Ophthalmic_200215
 
El estrés
El estrésEl estrés
El estrés
 
Safe Access Tennessee - Principles 12012015
Safe Access Tennessee - Principles 12012015Safe Access Tennessee - Principles 12012015
Safe Access Tennessee - Principles 12012015
 
[AIESEC Danang] Application for Best oGIP Award
[AIESEC Danang] Application for Best oGIP Award[AIESEC Danang] Application for Best oGIP Award
[AIESEC Danang] Application for Best oGIP Award
 
Manish resume
Manish resumeManish resume
Manish resume
 
Antonio machado
Antonio machadoAntonio machado
Antonio machado
 
Angl mova(2)season
Angl mova(2)seasonAngl mova(2)season
Angl mova(2)season
 
Presentacion corta
Presentacion cortaPresentacion corta
Presentacion corta
 
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...
Roman Burial Rite in Viminacium, The Latest Discovery - OpenArch Conference, ...
 
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele Charismei
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele CharismeiMeet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele Charismei
Meet the CEO : Liviu Dan Dragan, CEO TotalSoft - Secretele Charismei
 
Greenspace Heroes: Constitution Lakes
Greenspace Heroes: Constitution LakesGreenspace Heroes: Constitution Lakes
Greenspace Heroes: Constitution Lakes
 
Aula 04
Aula 04Aula 04
Aula 04
 
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...
Real Decreto-ley 8/2014, de 4 de julio, de aprobación de medidas urgentes par...
 

Similaire à Position statement roleofi-ainriskmgt

RSM India publication - Internal audit and risk management in BFSI Sector
RSM India publication - Internal audit and risk management in BFSI Sector RSM India publication - Internal audit and risk management in BFSI Sector
RSM India publication - Internal audit and risk management in BFSI Sector RSM India
 
Corporate Governance in the boardroom_FINAL_optimised
Corporate Governance in the boardroom_FINAL_optimisedCorporate Governance in the boardroom_FINAL_optimised
Corporate Governance in the boardroom_FINAL_optimisedRichard Sykes
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementAnu Damodaran
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Tim Leech
 
Coordinating risk mgt and assurance march 2012
Coordinating risk mgt and assurance   march 2012Coordinating risk mgt and assurance   march 2012
Coordinating risk mgt and assurance march 2012Good Light Massage Center
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...icgfmconference
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk managementQuarterlyEarningsReports2
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationDavid Fernandes
 
Role and responsibility of risk manager
Role and responsibility of risk managerRole and responsibility of risk manager
Role and responsibility of risk managerShimon Yelinek
 
Enterprise Risk Management 2014
Enterprise Risk Management 2014Enterprise Risk Management 2014
Enterprise Risk Management 2014Ali Zeeshan
 
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016Tim Leech
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820minhaj52
 

Similaire à Position statement roleofi-ainriskmgt (20)

RSM India publication - Internal audit and risk management in BFSI Sector
RSM India publication - Internal audit and risk management in BFSI Sector RSM India publication - Internal audit and risk management in BFSI Sector
RSM India publication - Internal audit and risk management in BFSI Sector
 
Corporate Governance in the boardroom_FINAL_optimised
Corporate Governance in the boardroom_FINAL_optimisedCorporate Governance in the boardroom_FINAL_optimised
Corporate Governance in the boardroom_FINAL_optimised
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal audit
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
 
Coordinating risk mgt and assurance march 2012
Coordinating risk mgt and assurance   march 2012Coordinating risk mgt and assurance   march 2012
Coordinating risk mgt and assurance march 2012
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Descriptor MetisGRC
Descriptor MetisGRCDescriptor MetisGRC
Descriptor MetisGRC
 
Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...Siegfried addressing current governance and risk management challenges in gov...
Siegfried addressing current governance and risk management challenges in gov...
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
Role and responsibility of risk manager
Role and responsibility of risk managerRole and responsibility of risk manager
Role and responsibility of risk manager
 
Enterprise Risk Management 2014
Enterprise Risk Management 2014Enterprise Risk Management 2014
Enterprise Risk Management 2014
 
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016
Is Internal Audit the Next Blackberry Part 1 ACCA IA Bulletin Dec 2016
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820
 

Position statement roleofi-ainriskmgt

  • 1. Position Statement The Institute of Internal Auditors – UK and Ireland The Role of Internal Audit in Risk Management Introduction The revised definition of internal auditing sets out two clear roles for internal auditors as providers of both assurance and consulting services. What is key to the achievement of these two roles is the need to maintain clear independence and objectivity. Internal auditors should not ‘hide behind’ independence, but at the same time they need to be aware of the role that they are playing at any point in time. The increasing emphasis that organisations are placing on risk management has given rise to questions from internal auditors about the role that it may be appropriate for them to play within their organisation’s risk management process. As with many issues facing internal auditors in the current climate, there is no ‘right’ answer to this question. Internal auditors must review the guidance given below in the context of the risk management process within their own organisation and the extent to which they believe they can add value to this risk process and hence to their organisation as a whole. Risk management The responsibility for risk management within an organisation clearly lies with the board (or equivalent) who should be responsible for setting the strategy, and senior management who should be responsible for implementing the strategy. However, it is also clear that everyone within an organisation bears some risk management responsibility. This responsibility and accountability is clearly set out in the Turnbull guidance and other similar pronouncements for non-listed organisations. In order to successfully achieve the organisational business objectives, management should ensure that sound and effective risk management processes exist and that they are functioning as intended. Boards and audit committees have an oversight role to determine that risk management is functioning effectively within the organisation. 
The role of internal audit in the risk management process The role of internal audit within risk management cannot, and should not, be prescribed. The role within one organisation may change over time and the role from one organisation to another is likely to be very different. Primary responsibility for risk management lies with line management. Internal audit’s involvement should stop short of responsibility and accountability for risk management across the organisation and of managing risks on management’s behalf. However, in order to add value, it is often beneficial for internal audit to give proactive advice or to coach management on embedding risk management processes into business activities. The Institute of Internal Auditors UK and Ireland
  • 2. In practice, internal audit’s role may well fall across the following continuum: From: Focusing the internal audit To: Providing active To: Training and To: Co-ordinating risk work on the significant risks support and involvement educating line staff in reporting to the board, facing the organisation, as in the risk management risk management and the audit committee and identified by management, and process, such as internal control and the risk committee. auditing the risk management participation on facilitating risk processes across the organisation, oversight committees, identification and including providing assurance on monitoring activities and assessment workshops the management of risk status reporting The above list is not exhaustive, nor is the IIA-UK and Ireland saying that internal audit will play only one of the roles outlined above. Each internal auditor must determine the most appropriate role for their organisation and supply the required services. However, when determining the most appropriate role to play, internal auditors should pay heed to the professional requirements for independence and objectivity and should ensure that these are not breached. They must also be certain that they have the necessary knowledge and skills to play the role that they adopt within the risk management process. Although it is not the role of internal audit to identify the risks facing the organisation, where additional risks are identified by internal audit during their work then these should be fed back to management as part of the normal audit reporting process. Where an organisation does not have a clearly defined risk management process internal audit may have a role to play in supporting the need to develop a clearly defined process, or in educating senior people within the organisation as to the need for such a change. 
The IIA-UK and Ireland would suggest that the following are some ways that internal audit might become involved in risk management without compromising independence and objectivity:

- Acting as facilitators, enabling and guiding managers and staff through the risk management process, usually as part of a self assessment exercise, by organising and leading workshop based discussions, without themselves necessarily becoming directly involved in the process.
- Operating as team members who are part of broader based groups, often bringing together staff with first hand knowledge of line management issues as well as those with specific technical expertise. In this scenario, they provide the internal auditing expertise within such multi-skilled teams.
- Acting as risk and control analysts providing managers with expert advice on the identification and assessment of business risks, and the design and construction of control and mitigation strategies.
- Making available to management tools and techniques used by internal audit to analyse risks and controls.
- Becoming a centre of expertise for managing risk.

Where internal audit moves away from its ‘traditional’ role it should make it clear that it is operating in a consultative capacity.
In addition to the above, internal audit is likely to become involved on a regular basis in auditing the risk management process and its application. In carrying out this task, internal auditors should consider the following:

- The extent to which objectives have been set and communicated at all levels within the organisation, and are supported by consistent business strategies, plans and budgets.
- The adequacy of the mechanisms for identifying, analysing and mitigating key business risks arising from both external and internal sources.
- The existence of mechanisms for identifying and reacting to both routine and more dramatic changes that could affect the organisation’s ability to achieve its objectives.

In this context, it should be noted that an organisational risk management framework should contain the following elements:

- clear, coherent risk strategy, policies and standards;
- forums for risk discussions and communications;
- responsibility for risk, and authority to manage it are clearly defined and assigned to key staff;
- effective two-way communication within the organisation to ensure that policies are widely understood and that the actual situation found in the business is reported so that it can be seen how effective these policies are;
- suitable organisational risk programmes and procedures; and
- arrangements for monitoring and reviewing management of risk including continuous learning from experience.
Further reading

If you would like to find out more about the subject of risk management the following publications may be of interest to you:

Publication and Author | Publisher
Risk Management: Changing the Internal Auditor’s Paradigm by Georges Selim and David McNamee | IIA Research Foundation
IIA Professional Briefing Note 13: Managing Risk | IIA-UK and Ireland
Effective Governance | IIA-UK and Ireland
Business Risk Management | Gee Publishing
The Complete Guide to Business Risk Management by Kit Sadgrove | Gower
Operational Risk and Resilience: Understanding and minimising operational risk to secure shareholder value by PriceWaterhouseCoopers | Butterworth Heinemann
Risk Management Guide 2001 | White Pager
It’s a Risky Business | CIPFA

You may also find the following websites of interest:

Website Address | Title or Organisation
www.iia.org.uk | IIA-UK and Ireland
www.theiia.org | IIA-Inc
www.gee.co.uk | Gee Publishing
www.corpgov.net | Corporate Governance Site

About Position Statements

The Institute of Internal Auditors – UK and Ireland is dedicated to representing and promoting the interests of internal auditors. It strives to be at the forefront of internal auditing development by:

- undertaking a continuous programme of research and independent studies;
- participating in current debates on corporate governance and internal controls;
- contributing to policy making via input into professional guidance such as the Combined Code and the Audit Commission’s Best Value initiative;
- providing expert comment to the business media and at conferences.

Position Statements are part of a range of technical and professional guidance prepared by the Institute for its members. They are designed to clarify the IIA-UK and Ireland’s official policy position on important and potentially complex matters confronting internal auditors.
For details of other guidance material provided by the Institute please visit our website, www.iia.org.uk or email technical@iia.org.uk

13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
Telephone 020 7498 0101
Fax 020 7978 2492
Email technical@iia.org.uk
www.iia.org.uk

© The Institute of Internal Auditors – UK and Ireland, June 2002