Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Can Internal Audit department be made responsible for setting up an Enterprise Risk Management office/department in the organisation ?

<p>Internal audit do conduct a comprehensive risk assessment of all the units in audit universe every year for audit planning purpose, but should it be given the responsibility to set up an ERM department in the entity on this basis ? </p>

user-image
Question added by Osama Ahmed , Internal Audit Supervisor , Fujairah National Group
Date Posted: 2014/09/08
Deleted user
by Deleted user

In my opinion, ideally ERM should be set-up as an independent department reporting to the Board through the Audit Committee. Internal Audit department then can be effectively involved in assessing and reporting on the effectiveness of ERM.

Waqayan Al Waqayan
by Waqayan Al Waqayan , Secretary of Sharia Supervisory Board (SSB) , Ahli United Bank (AUB)

No, of course.

Naveed Rasheed
by Naveed Rasheed , HEAD OF AUDIT & ADVISORY SERVICES , F&N CONSULTING.

There is a position paper issued by IIA on this topic. This paper explains the role of Internal Audit(IA) in ERM. There are certain ERM activities that can be done by IA if certain safeguards are established. These activities generally include establishing the function, providing resources at initial stage and roling out the function. All the core activities after setting up the function should not be carried out by IA. 

Practically if Board or Audit committee requires IA to carry out core activities of ERM then IA may get involved in these activities but in this case IA will not be able to audit ERM function. And this fact should be clearly communicated to Board or audit committee .

Siddhartha Sinha
by Siddhartha Sinha , assistant manager , hsbc bank

no it is not the job of internal auditor.as they look after the compliance

Mourad Halloumi
by Mourad Halloumi , مراقب عام للمصاريف العمومية , رئاسة الحكومة

 governance, risk management and control processes. This provides members of the boards and senior management with assurance that helps them fulfil their duties to the organisation and its stakeholders. All categories of risk, their management, including reporting on them.

 

 

Sita Rama Sarath Emani
by Sita Rama Sarath Emani , Internal Auditor , Dunes Industries LLC

Allowable, but essentally it is not advisable because it may impair or may be perceived to impair our independence, but safeguards must be put place, one safeguard is board over sight of the function to address the potential impairment of independence and the board may need to engage external assessor to provide assurance on the function for this particular case the risk management function, since it is not logical for the IA to audit the risk management function themselves if they are also responsible for risk management function . But ofcourse it cannot be long term eventually the risk function need to be craves out of the purview of the audit.

Abdulrahman Suleiman
by Abdulrahman Suleiman , Administration , Taraba Microfinance Bank (Nig) Ltd, No

Yes, by nature of the job of internal audit it will help the organization do well if they are allowed to set up the ERM unit because ensuring effective risk management liesz with the internal audit since the are more of ensuring policies are folowed.

Yakoob Ali Syed
by Yakoob Ali Syed , Project Manager , AFTECH BUILDING CONTRACTING LLC

Setting up of Enterprise Risk Management Office, I think, it should by Audit Committe or it should be oppinted by Board members.

Internal Audit are just involved in assessing and reporting to management through there reports

venkatakrishnan narayanan
by venkatakrishnan narayanan , Consultant , self employed

My answer is yes and No. Yes in the sense that Internal Audit is an integral tool to ensure internal controls which includes financial and business processes are in place by means of a continuous audit process . hence ERP , a powerful real time tool safeguard measure should also be subject to such scrutiny.

No in the sense Risk management is effective more so on a complete commitment by all concerned in managing the affair of the enterprise and hence Internal Audit is a watch dog to that extent.

ASIF ALI
by ASIF ALI , mep project manager , LAARC Enterprises Pvt Ltd

internal audit is the preparation of external audit thats point of view that affect

 

Asham Al Masri CIA CMA CFE CRMA CCSA CC
by Asham Al Masri CIA CMA CFE CRMA CCSA CC , Internal Audit Manager , Fadaat Media

As per the IIA, the Internal Audit may have a role in championing an ERM in an organization but with safeguards as a consultancy  activity, they may facilitate the establishment of the ERM function or advocate the Management and suggest an ERM Policy for Board Approval.

More Questions Like This