Coordinating Risk Management and Assurance, Supporting Standard 2050
To support members in accurately interpreting and effectively complying with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), The IIA produces practice guidance related to specific Standards.
The IIA has released its latest Practice Guide to help leaders understand how to effectively coordinate risk management and assurance activities among constituencies and across organizational functions.
Risk management is fundamental to organizational control and critical to providing sound corporate governance. It touches all organizational activities. The establishment of an effective enterprise-wide risk management system is a key responsibility of management and the board; which are responsible for adopting a holistic approach to the identification of organizational risks, creating controls to mitigate those risks, and monitoring and reviewing the identified risks and established controls.
They should ensure risk management is integrated into the organization, at both strategic and operational levels.
Standard 2050: Coordination states, “The chief audit executive [CAE] should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.”
This responsibility requires the CAE’s inclusion and participation in the organization’s assurance provider framework. This framework can consist of internal audit, external audit, governance, risk management, or other business control functions/disclosures performed by the organization’s management team. Inclusion and participation in this framework helps ensure the CAE is aware of the organization’s risks and controls in relation to organizational goals and objectives.
As part of the IPPF, this practice guide utilizes the fundamental principles established by the Standards to provide a process for valuing the work of others and assessing the reliability of assurance providers. Ultimately, responsible coordination attracts greater reliance on internal audit, decreasing the cost of compliance and increasing the efficiency for providing assurance.
IIA Practice Guides provide guidance for conducting internal audit activities. They represent strongly recommended guidance that includes detailed processes and procedures such as tools and techniques, programs, and step-by-step approaches for effective implementation of The IIA’s mandatory guidance.