| ||
|
News < Back Compliance : Sarbanes Oxley : Auditing : Survey Many Organizations Unprepared to Manage Risk
“There’s a tremendous opportunity for internal auditing in this post-risk management meltdown environment. Having a enterprise-wide view of the organization, internal auditors should be involved in assessing operational and strategic risks – even helping champion the risk management process,” said IIA President Richard Chambers, CIA. “The good news coming out of this survey is that some internal auditors already are playing an active role in helping improve their organizations’ risk management. They’re performing activities such as providing assurance on the risk management process, and this is right in line with the International Standards for the Professional Practice of Internal Auditing.” As indicated by the survey results, the number-one guiding framework for formal and informal risk management processes is The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Enterprise Risk Management — Integrated Framework. In addition, approximately 68 percent of organizations report that they have a risk management philosophy in place. Key risk management elements identified include the presence of a program or process owner, support staff for the program, a sustaining maturity level, and the integration of risk management efforts within the organization. Furthermore, a chief risk officer or equivalent is the person most likely to be in charge of implementing a risk management program. The survey also found that documentation and communication of the organization’s risk management efforts are essential aspects of a risk management program’s success. The majority of organizations represented in the survey actively document and communicate the board’s and management’s risk management roles and responsibilities, as well as the organization’s risk appetite or tolerance level. Additionally, top internal sources of information include data collected from various internal, IT, or external sources; discussions with senior management, the board, or audit committee members; and data collected from programs or staff. On the other hand, top external sources of information include industry publications and industry groups; benchmarking data from other organizations; and external audit reports. And despite the benefits of using technology to monitor risks and the effectiveness of internal controls, 68 percent of the companies represented in the survey do not use risk-monitoring technology. Key risk management practices identified to maximize the use of internal resources and ensure the program’s success include:
The 2008 ERM Benchmarking Survey was conducted through The IIARF’s Global Audit Information Network (GAIN), a trusted name for benchmarking services in the internal audit profession. The Institute of Internal Auditors (IIA) is internationally recognized as a trustworthy guidance-setting body. Serving members in 165 countries, The IIA is the internal audit profession's global voice, chief advocate, recognized authority, acknowledged leader, and principal educator. The IIA Research Foundation (IIARF) was founded in 1976 by The IIA The IIARF expands knowledge and understanding of internal auditing by providing relevant research and educational products to advance the profession globally. |
| |||
© 2019 Simplex Knowledge Company. All Rights Reserved. | TERMS OF USE | PRIVACY POLICY |