APPENDIX A

APPLYING AN ERM DIAGNOSTIC TOOL

Each chapter of the book has described key aspects of risk management and the implications for internal auditing in terms of providing a suitable audit cover. Various models have been developed to help explain some of the issues at hand. Each chapter has been prepared to isolate key issues and describe the way various factors are interrelated to form a picture of the entire risk management concept. The final chapter attempted to pull some of the main issues together in a holistic and integrated framework. Appendix A takes on board a great deal of the material from the main chapters and builds a comprehensive checklist that can be used by auditors to assess where the organization stands in terms of implementing ERM. A separate checklist addresses the audit approach and may be used to judge where auditors stand in terms of auditing the ERM process. Together, the two checklists can be used as a general diagnostic tool or benchmark against which to judge the state of risk management and decide where to focus the audit resource for best results.

We start this appendix by setting out a comprehensive model that can be applied to auditing the risk management process. Each aspect of this model is addressed by the two checklists that follow the model. The more detailed checklist consists of 11 main elements with 150 questions and is designed to measure the effectiveness of the ERM process. The shorter checklist has 10 main elements and some 50 questions, ...