Chapter 13
Role of Internal Audit in Enterprise Risk Management
Internal auditors are the “eyes and ears” of management in their role as specialists who visit all areas of an enterprise and report to the audit committee and management on the internal controls status of the operations visited. They have historically had ongoing concerns and interests in risk management. In particular, internal auditors have regularly assessed the relative risks of areas to be examined when planning their upcoming audit activities—deciding which areas or functions within an enterprise to select for internal audits. With limited time and internal auditor resources available for the many areas and activities in an enterprise to review, an internal audit department and its chief audit executive (CAE) should focus their time and attention on the riskier areas of the enterprise, deferring other audit review candidates for another time. We have used the term audit to refer to the multiple roles of internal auditors in both providing reviews and assessments of enterprise internal controls and often providing consulting services to management. Earlier risk assessment processes used for internal audit planning, however, were often informal and limited in scope. An internal audit function with the responsibility for reviews of multiple internal controls and operations throughout an enterprise often would decide which of these often activities to include in an annual audit plan based on concerns expressed ...
