ERM-BASED AUDITING

Abstract

Internal auditing has received renewed attention since the recent corporate governance and accounting scandals. The measures put in place to monitor corporate governance have now expanded to include total enterprise risk management (ERM). This provides an opportunity for internal audit to be more effective - to provide assurance and perhaps consulting roles for ERM-based auditing without risking internal auditors' independence and objectivity. Combining ERM with auditing in an effective and seamless manner will yield ERM-based auditing. ERM-based auditing activities include: 1. Establish and communicate the objectives of the organization. 2. Determine the risk appetite of the organization. 3. Establish an appropriate risk management framework. 4. Identify risks or events that will prevent management from meeting its objectives. 5. Assess the impact and likelihood of the risk occurring. 6. Select and implement responses to the risks. 7. Conduct control and other response activities that will mitigate the risks.