Role of Internal Audit in Enterprise-Wide Risk Management

Risks are unavoidable elements of any enterprise, and their management and control are relevant at all times. While it may be hard to establish the exact methods that organizations use to respond to the dangers associated with potential risks, it is necessary to establish a framework that can strengthen the foundation of proper decision-making. This article reflects on the roles that internal audit plays in enterprise-wide risk management (ERM) against the backdrop of why ERM is necessary, the functions of internal audit within organizations, and the ramifications attached to its assumptions as a general risk management practice.
ERM’s role within organizations is to provide a reliable framework under which the methods and processes essential to the management of risks are outlined. To expound, it is a reliable tool that clearly expresses the organizational objectives while taking into consideration a balance between the potential risks and their rewards (Barton et al., 2002). In this capacity, the primary importance of ERM in business is the provision of an assurance that eventually enables organizations to control risks effectively and maximize opportunities.
As a case example, risk management at PricewaterhouseCoopers (PwC) reveals that, if done and managed effectively, ERM contributes significantly to value addition, a sound response to change, and steady improvement (Simkins & Ramirez, 2008). Although it cannot be quantified numerically, the assumption of ERM inclusion in any organization is expected to have a negative impact since a robust framework that decisions can be based upon is not provided. In turn, risk management becomes a challenge, as there is no reliable tool to balance and mitigate the process.
The relevance of internal audit in enterprise-wide risk management is embedded in three distinct categories of roles, of which the executive should remain aware. The first category concerns assurance, the second concerns risk management evaluation, and the third involves the management review of the key risks (Institute, 2004). As an indispensable part of ERM, internal auditing serves as a consultant; in turn, the physical duty to manage risks is left as the management’s responsibility. The relevance of these distinctions is that they provide a controlled process under which the management is helped to set up and improve the crucial processes. Internal audit serves more in an advisory capacity than as actual risk management support.
Internal audit is also limited in its undertakings. A boundary line exists as a control defining its specific roles in ERM as well as what it is limited to. Consequently, engagement in more than the specified roles can have damaging effects and can affect decision-making. As Gramling & Myers (2006) note, taking decisions on risk responses leads to a conflict of processes, as it is the management’s responsibility to manage risks. Similarly, management should set its own risk appetite, as it is well positioned to evaluate its risk response capacities.
As an objective assurance and consulting activity, ERM is an independent entity with the management and its roles are limited to consultancy to improve governance. In spite of that, these roles can stretch as long as there are control measures to ensure that extending beyond its operational circumference does not affect its positive input as a dependable mechanism. Internal audit can assume other responsibilities beyond its limits in assurance and consultancy practices as long as the specifics of the management are not interfered with.
In conclusion, risk management is an integral part of business management, which is made more relevant by enterprise-wide risk management due to its structured and coordinated approach. In order to ensure the management is applying risk mitigation strategies effectively, assurance is necessary and this becomes the core role of internal auditing in ERM as reflected in the discussion above.
