What is Enterprise Risk Management (ERM) and what role in it does internal auditing play?

Question added by Riaz Ahammed , Financial Accountant , UTC Climate Controls & Security
Date Posted: 2015/09/13
SHAHIN KHAN
by SHAHIN KHAN , Procurement Officer , Beauty Room Salon & Spa

ERM can be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.

 

"Internal auditing's core role with regard to ERM is to provide objective assurance to the board on the effectiveness of an organization's ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively."

The key here is being able to maintain the internal auditor's independence and objectivity.

 

The internal audit function can help identify, review, and provide recommendations for key controls associated with the project and can provide assurance that the ERP system will support business processes and enforce business controls on an ongoing basis. The use of collaborative internal auditors on all critical phases of an ERP project is the best approach to increasing the likelihood of a successful ERP deployment. Throughout an ERP implementation, internal audit can help identify and communicate risks by having them addressed throughout the project instead of as an afterthought. By understanding the major phases and objectives of an ERP implementation, internal audit can objectively raise issues that, if overlooked, could jeopardize a project’s success. Internal auditors can also articulate the risks from a management perspective.

 

Success for ERP implementations, like all projects, is not determined solely by whether the project was completed on time and on budget. The quality of the final product and its alignment with management’s desired objectives have long-lasting impact beyond the initial project costs. Fixing errors after the system goes live is more costly than correctly implementing the system in the first place. Throughout the implementation, internal audit should have a vital role in verifying that project controls and best practices are followed. This role greatly reduces the risk of failure resulting from poorly defined methodologies or weak enforcement of project controls.

An ERP system is usually the system of record for most of an organization’s accounting function. It is critical that the system enforces controls for every relevant business process. For this reason, the organization needs to focus on meeting project management (PM) and software development life cycle (SDLC) controls requirements while also considering appropriate business process controls for the design and operation of the ERP system.

 

Deleted user
by Deleted user

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

Jamal Ahmad MBA CPA Qualified
by Jamal Ahmad MBA CPA Qualified , CHIEF ACCOUNTANT , SAMI Advanced Electronics Company (AEC)

Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.

 

Internal audit keeps a check on the effectiveness of the functions of the organization by giving strength to ERM.

Dipak Giri
by Dipak Giri , Senior Executive - Commercial Project Manager , Siemens Ltd

An Enterprise Risk Management (ERM) system is a company-wide framework of methods and processes used to manage risks and seize opportunities related to the achievement of business objectives. Through ERM, risks are managed in an efficient and effective manner that supports the achievement of business objectives, and decision making is also more effective throughout the business since material risks are already highlighted. Internal audit plays a very important role by providing a degree of assurance to the ERM system by ensuring that the financial reporting is reliable and laws and regulations are complied with.

Anjana Narayanan
by Anjana Narayanan , Internal Auditor , Sharjah Electricity Water & Gas Authority

As the name suggests, Enterprise Risk Management is the management of risks. Every enterprise faces internal and external risks. These risks can be either threats or opportunities. A good management will have a system of anticipating these risks, planning the actions and mitigating those risks. ERM is a continuous process which has to be assessed and analyzed to keep the enterprise proactive in these changing environments. Every enterprise should have an ERM as the management has a responsibility towards the stakeholders. Unless there is an ERM, the management will not be ready to face the consequences of changing business scenarios, leading to losses. The Internal Audit department plays an important role in ERM as it helps in improving the ERM framework.

Yusuf Noorkhanji
by Yusuf Noorkhanji , Group Operational & Financial Auditor , Hepworth Plastics ME & Cory's Packaging LLC

Enterprise Risk Management is a very broad concept. To put it in brief, it aims to list down all the risks the organisation is or may be exposed to and reduce the impact of the risks identified through implementation of control processes, governance structures and setting up policies and procedures.

Internal Audit plays a key role in identifying such risks, conducting risk-based audit reviews and testing the controls implemented to provide a level of comfort (or discomfort) to the Board as to whether the current framework of internal controls is sufficient to meet the objectives of the organisation's Risk Management objectives.

 

Also, since the internal auditors are independent of operations, they play a key role in keeping the management and the board with the most objective assessment of audit areas tested.

imran Noor -
by imran Noor - , Audit Officer , Auditor General of Pakistan

ERM is a comprehensive risk management program in an organization that creates a sense of risk management at every level of the organization and is integrated in all business processes. In ERM every employee participates in risk awareness, which ultimately contributes to identifying, assessing, monitoring, managing and reporting risks. It is an integrated, structured and continuous process of risk management throughout the organization.

Internal audit plays a vital role in developing and implementing ERM in an organization. The internal audit not only helps to design internal controls but also helps in assessment of their efficiency and workability throughout assessment period. It helps to promote awareness of risk management in an organization. 

Ajay Gupta
by Ajay Gupta , Senior Manager-Risk Management & Internal Audit , GEMS Education

While there are numerous books and journals on ERM, in simple terms ERM is a logical approach to conduct an audit. Following ERM makes it more sensible for the internal auditor to identify what needs to be audited in more detail and convinces the auditee (management) to appreciate the need for an otherwise unwelcome internal auditor in their premises.

ERM asks you to identify all possible risks that the Company, its business and its people are exposed to. On a step-by-step basis, the first step is to capture all such possible risks. These are done under discussion with top management and heads of departments irrespective of what controls already exist. As a second step, the existing controls are mapped against the documented risks from the first step. As a third step, the adequacy of such controls is assessed. Let me remind you that this exercise is still being carried out within the audit room as we are yet to initiate the field work. The step is to create Tests of Controls through which we are trying to assess the existence and adequacy of the controls in place to ensure that these are able to address the identified risks adequately or not. If yes, you are good to go. If not, either you increase your testing to identify other mitigating control procedures under discussion with management OR report that the Organisation is exposed to such risk and the controls either do not exist or are inadequate.

There could be situations where even after the best of controls being put in place, the Organisation is still exposed to some degree of risk which it cannot address e.g. geographical factors, political factors, human limitations, etc. These risks are termed as Remaining Risks and the Management agrees that these cannot be done away with OR proposes some mitigating actions or safeguards.

Muhammad Junaid
by Muhammad Junaid , Financial Controller , Global Group of Companies

ERM is a structured, consistent and continuous process across the whole organization for identifying, assessing, managing and reporting on opportunities and threats that affect the achievement of its objectives.

Internal auditing is an independent, objective assurance activity. Its main role with regard to ERM is to provide objective assurance to the board on the effectiveness of risk management.

FEVIN PAIVA
by FEVIN PAIVA , Assistant Manager , Operations and Accounts , SHRIRAM GENERAL INSURANCE CO LTD

Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.

 

While this rule is applicable for the time of the company's internal auditing measurements.

saif raza assu
by saif raza assu , accounts and hrm , Al Jubail Mall

The internal auditor should pay attention to previous records and new assets, and after analysis he issues a report.
