Given the dynamic environment, the audit committee should take a close look at the company’s risk profile at least annually. Ideally, this review should be supported by an updated risk assessment by management. As the committee evaluates disclosure issues, an understanding of the key risks can provide valuable insights.
Topics: Enterprise Risk Management, Risk Assessment, Audit Committee & Board, Strategic Risk
The chief audit executive (CAE) and internal audit can play one or more of the following roles in conjunction with the implementation of enterprise risk management (ERM) in an organization.
Topics: Enterprise Risk Management, Internal Audit, Risk Assessment, Audit Planning, Strategic Risk
Many organizations have failed to keep pace with changing trends in risk and compliance. Resource allocation for many risk and compliance initiatives implemented under pressure of a crisis to demonstrate urgency and prioritization or regulators has proven to be unsustainable.
Topics: Enterprise Risk Management, Risk Assessment, Governance, Risk & Compliance, Strategic Risk, Agile Auditing
Organizations have learned many lessons over the years from specific financial crises. For example, if a chief executive ignores the warning signs posed by the risk management function, resists contrarian information suggesting the corporate strategy is either not working or losing relevance, or fails to consider critical risks when evaluating whether to enter a new market or consummate a complex acquisition, the shareholders and other constituents can end up paying a high price.
Topics: Enterprise Risk Management, Internal Audit, Audit Committee & Board, Strategic Risk
We all know that change is inevitable, but what can an organization do to keep its strategies and risk management capabilities on the same course as the ever-changing business environment?
Topics: Enterprise Risk Management, Corporate Governance, Audit Committee & Board, Strategic Risk
The digital revolution currently taking place is transforming our world. Over the next few years, many organizations will need to undertake radical change programs and, in some cases, completely reinvent themselves to remain relevant and competitive.
Topics: Internal Audit, Strategic Risk, Digital Transformation
What is the Second Line of Defense?
Essential to effective risk management, the lines-of-defense model is implicit in COSO’s internal control framework through the control environment, control, activities, monitoring and other components of an internal control system. It provides assurance to the board of directors, as the elected representatives of the shareholders to oversee the organization’s operations on their behalf, that risks are reduced to a manageable level as dictated by the organization’s appetite for risk. Much more than “segregating incompatible duties” and “ensuring checks and balances,” the lines-of defense model emphasizes a fundamental concept of risk management: From the boardroom to the customer-facing processes, managing risk is everyone’s responsibility.
Topics: Enterprise Risk Management, Corporate Governance, Internal Audit, COSO, Audit Committee & Board, Strategic Risk
Copyright pirates, brand impersonators, patent flouters and trade secret thieves are a major threat to businesses, given their increased aggressiveness towards intellectual property (IP) theft. These, and any other original creative works that have economic value and are protected by law, can be categorized as IP.
Topics: Enterprise Risk Management, Risk Assessment, Strategic Risk, Data Security, Performance Management/Measurement, Intellectual Property
Technology has greatly expanded the methods of creating, editing, maintaining, transmitting and retrieving records. From creation to disposition, records in electronic recordkeeping systems may now utilize a variety of media. An example of an electronic recordkeeping system is one in which a personal computer generates the original records, which are subsequently stored on a secondary electronic resource. While paper copies of the electronic records may be printed for distribution, the original records are transferred electronically.
Topics: Fraud, Risk Assessment, IT Risk, Strategic Risk, Document Retention, Performance Management/Measurement
Opportunity risk occurs whenever there’s a possibility that a better opportunity may become available after having committed to an irreversible decision.
We all experience opportunity risk at its most basic level several times a week. For example, imagine you have enough cash on you for lunch in a new town and you’re trying to decide between two restaurants you’ve never tried. What if you spend your time and money on the first option and it’s terrible? Or even maybe it’s not terrible, but the second option is just so much better?
Topics: Risk Assessment, Strategic Risk, Performance Management/Measurement, Budgeting, Cost Management
KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.
With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.
For more information:
