Register now or log in to join your professional community.
<p>Internal audit do conduct a comprehensive risk assessment of all the units in audit universe every year for audit planning purpose, but should it be given the responsibility to set up an ERM department in the entity on this basis ? </p>
In my opinion, ideally ERM should be set-up as an independent department reporting to the Board through the Audit Committee. Internal Audit department then can be effectively involved in assessing and reporting on the effectiveness of ERM.
No, of course.
There is a position paper issued by IIA on this topic. This paper explains the role of Internal Audit(IA) in ERM. There are certain ERM activities that can be done by IA if certain safeguards are established. These activities generally include establishing the function, providing resources at initial stage and roling out the function. All the core activities after setting up the function should not be carried out by IA.
Practically if Board or Audit committee requires IA to carry out core activities of ERM then IA may get involved in these activities but in this case IA will not be able to audit ERM function. And this fact should be clearly communicated to Board or audit committee .
governance, risk management and control processes. This provides members of the boards and senior management with assurance that helps them fulfil their duties to the organisation and its stakeholders. All categories of risk, their management, including reporting on them.
Allowable, but essentally it is not advisable because it may impair or may be perceived to impair our independence, but safeguards must be put place, one safeguard is board over sight of the function to address the potential impairment of independence and the board may need to engage external assessor to provide assurance on the function for this particular case the risk management function, since it is not logical for the IA to audit the risk management function themselves if they are also responsible for risk management function . But ofcourse it cannot be long term eventually the risk function need to be craves out of the purview of the audit.
Yes, by nature of the job of internal audit it will help the organization do well if they are allowed to set up the ERM unit because ensuring effective risk management liesz with the internal audit since the are more of ensuring policies are folowed.
Setting up of Enterprise Risk Management Office, I think, it should by Audit Committe or it should be oppinted by Board members.
Internal Audit are just involved in assessing and reporting to management through there reports
My answer is yes and No. Yes in the sense that Internal Audit is an integral tool to ensure internal controls which includes financial and business processes are in place by means of a continuous audit process . hence ERP , a powerful real time tool safeguard measure should also be subject to such scrutiny.
No in the sense Risk management is effective more so on a complete commitment by all concerned in managing the affair of the enterprise and hence Internal Audit is a watch dog to that extent.
internal audit is the preparation of external audit thats point of view that affect
As per the IIA, the Internal Audit may have a role in championing an ERM in an organization but with safeguards as a consultancy activity, they may facilitate the establishment of the ERM function or advocate the Management and suggest an ERM Policy for Board Approval.