Leveraging Risk Management Frameworks

  • What is the first step IA should take when identifying a risk management framework?
    To examine other risk management frameworks in use throughout the organization, to avoid the need to create or deploy one from scratch.
  • If there aren’t other viable frameworks in use, what options can the organization choose from?
    • Using third-party frameworks such as COSO ERM.
    • Developing their own framework in-house.
  • The internal audit activity cannot give objective assurance on any part of a risk management framework it has designed.
  • What activities do most IA functions perform to help prioritize risks according to the achievement of goals and objectives?
    Annual and engagement risk assessment activities
  • What benefits does performing annual and engagement risk-based assessments have at the macro and micro level?
    • At the macro level, these activities help with developing a proposed audit plan to submit to the board.
    • At the micro level, these activities help prioritize the scope of audit work and assurance being provided by IA engagements.
  • What may be used to prioritize audit engagements in the risk assessment activities?
    An assurance map
  • What is an assurance map?
    It is a matrix comprising a visual representation of the organization’s risks and all the internal and external assurance providers that cover those risks. It may be used to coordinate the timing and scope of activities or as a basis for discussing whether reliance on other assurance providers would be appropriate. Senior management may also use the map to ensure that risk management and internal control functions are properly aligned and effectively monitored.
  • What are the 5 steps of assurance mapping?
    1. Identifying sources of risk information.
    2. Organizing risks into categories for consolidated viewing.
    3. Identifying assurance providers.
    4. Gathering information and documenting assurance activities by risk categories.
    5. Periodically reviewing, monitoring, and updating the assurance map.