Assessing the Risk Management Process

The Institute of Internal Auditors

Synopsis: An organization’s risk management efforts are often collectively referred to as its risk management program. However, the term “program” can be interpreted as limited, or finite.
This practice guide treats risk management as a process, rather than a program, implying that it is a continuous effort and ongoing function.
In many jurisdictions, the board is charged with overseeing that a risk management process is in place and effectively responds to the changing risk landscape. In turn, the chief audit executive (CAE) and the internal audit activity are expected to provide independent assurance that the organization’s risk management processes are effective, according to Standard 2120 – Risk Management, which lists several criteria for making such an assessment.
Assessing an organization’s risk management processes is a growing challenge as numerous risk management standards, frameworks, and models exist, and new ones are frequently introduced.
Risk management may encompass the policies, procedures, and controls that ensure adequate, timely, and continuous identification, assessment, treatment, monitoring, and reporting of risks to the organization.
