The Role of Internal Auditing in Enterprise-wide Risk Management
ERM is a structured, consistent, and continuous process applied across the organization that identifies and assesses risks, as well as decides on responses to and reports on opportunities and threats that affect the achievement of objectives. The principles presented in this paper can be used to guide the involvement of internal auditing in all forms of risk management, but it is primarily intended to address ERM, as this is most likely to improve an organization’s governance processes.