    Enterprise risk management - Internal audit

    DQ1: 7 Essential Elements of Enterprise Risk Management and the Role of Internal Audit

    DQ2: The five elements of a fraud and corruption management program are each very important. However, of those five, do you think any is particularly critical (more than the others) to the success of the program?

    DQ3: Those nine points seem rather self-explanatory, in my view, except for #8. What do Harb and Morley have in mind with that one? (#8. Use risk registers to scope internal audit assignments)

    DQ4: What might be some drawbacks to the "one minute" risk management approach?

    Discussion Questions

    DQ1. 7 steps to effective enterprise risk management

    1. Management's role: Management should engage in qualitative risk assessment and prioritization.
    2. Setting the context: Set a context that links the company's mission and objectives to the management of risks.
    3. Identify and prioritize enterprise risks: Identify risks and categorize them into different areas. Each risk category should have its own mitigation strategies.
    4. Choose tools for risk identification and assessment: Both qualitative and quantitative risk assessment tools should be used.
    5. Consider potential outcomes.
    6. Evaluate how existing systems mitigate risk: This identifies where intervention in management systems and processes is required.
    7. Link ERM to overall governance, risk and compliance.

    The role of internal auditors in ERM is to provide objective analysis and feedback to management on the effectiveness of enterprise risk management. Internal audit provides assurance that major business risks are being managed effectively and that the internal control framework operates efficiently.

    DQ2. The review of the policy for a fraud and corruption management program is very important to ensure its continued relevance. Since risks are continuously changing, it is important to ensure that the existing policy procedures are comprehensive enough to deal with fraud and corruption risks. The policy should be continuously reviewed and updated to conform with the organization's new requirements.

    DQ3. When internal auditors develop the internal audit plan, they have to consider risk registers to make sure that the plan is systematic, accurate and complete. Some organizations use risk registers to document risks that are below the strategic level; the register provides documentation of the risks and their risk ratings. From the risk registers, the auditor derives an alignment of the risk categories and aspects that the registers define. The internal audit assignment then makes use of this alignment to describe the scope of the audit, ensuring that each risk is appropriately controlled and monitored.

    DQ4. The one-minute risk assessment tool is used to proactively determine which risks can affect a project, for example, what would happen if the customer interface is increased. The tool can be given to key stakeholders in a project to bring out their different views of the project. The disadvantage of this tool is that it is too simple to take into account all the risks that could actually exist in a project, and it is not appropriate for use by all companies. It is a very quick way of finding the overall project risk, but it reaches its limit once a detailed risk analysis is performed.


    Practical guidance: seven steps for effective enterprise risk management. (n.d.). Retrieved from http://accelus.thomsonreuters.com/sites/default/files/Seven-Steps-to-Enterprise-Risk-Management.pdf

    The role of internal auditing in enterprise-wide risk management. (2009). Retrieved from https://na.theiia.org/standards-

    Internal audit risk assessment and audit planning. (2011). Retrieved from http://www.theccia.org/wp-content/uploads/attachments/IA%20Risk%20Assessment%20handouts.pdf

    Tiwana, A. & Keil, M. (2004). The one-minute risk assessment tool. Retrieved from http://is2.lse.ac.uk/asp/aspecis/20110171.pdf

