Skip to Content

The Role of Internal Auditing in Enterprise-wide Risk Management

January 2009

Position Papers The IIA janv. 15, 2009

The Role of Internal Auditing in Enterprise-wide Risk Management

ERM is a structured, consistent, and continuous process applied across the organization that identifies and assesses risks, as well as decides on responses to and reports on opportunities and threats that affect the achievement of objectives. The principles presented in this paper can be used to guide the involvement of internal auditing in all forms of risk management, but it is primarily intended to address ERM, as this is most likely to improve an organization’s governance processes.

The IIA

The Institute of Internal Auditors