
Auditing Your ERM Program

Dan Swanson | May 6, 2008

Everyone talks about the need for good risk-management programs, but nobody seems to know how to audit them to ensure they actually work.

Who bears responsibility for setting the parameters of an ERM program is pretty clear: the board of directors and the C-level executives. They decide what the risks are, what level of risk they’re willing to tolerate, and what risks they do not want to tolerate. They are responsible for monitoring and responding to ERM outputs and obtaining assurance that the organization’s risks are acceptably managed within the boundaries specified. Also remember that risk management is not an end in itself; it has value only if it assists a company to achieve its business objectives over the long term.

Internal auditors, in both their assurance and consulting roles, contribute to ERM in a variety of ways. They spend most of their time assessing how effectively management has responded to key risks by...
