Auditing the Risk Management Process

by K. H. Spencer Pickett
August 2013
Intermediate to advanced
288 pages
6h 34m
English
Wiley

4

RISK APPETITE

When the chief audit executive believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive should discuss the matter with senior management.

IIA Standard 2600

INTRODUCTION

The topic of risk appetites goes to the heart of the relationship between the board, management, and the internal auditor. The board sets a so-called risk appetite, which management subscribes to by installing suitable controls to contain risk. Meanwhile, the internal auditor will furnish objective reports on the system of internal control. These audit reports will review the extent to which residual risk, after taking account of controls, is acceptable, and that in turn means whether this risk falls in line with the defined risk appetite. This dependency cycle is extremely important and hinges on respective perceptions of risk appetite. Bearing this in mind, Sawyer has already set the challenge for the internal auditor:

Every entity is subject to its own inherent risks and the internal auditor should catalogue them for use in risk assessment. The internal auditor's position as part of the organization offers an opportunity to observe inherent risks over an extended time period. The internal auditor should be aware of the differing inherent risks present in different parts of the organization.1

The challenge, then, for the audit world is simple: To help get ERM in place and working well:

The internal audit activity ...


Publisher Resources

ISBN: 9780471690535