Chapter 8Independent Appraisal of EROM Processes and Results to Assure the Adequacy of Internal Controls and Inform Risk Acceptance Decisions

Given the complexity of the risks and opportunities that attend TRIO enterprises and the federal government's recent emphasis on applying EROM to the development, validation, and management of internal controls, independent evaluation of EROM processes and results is highly recommended. Such independent evaluations serve several purposes:

  • In the case of federal agencies, they provide assurance to the executive and legislative branches of the government that significant risks and opportunities are recognized and are being effectively addressed.
  • In the case of commercial enterprises, they provide the same assurance to the company's stockholders and creditors.
  • In both cases, they provide the TRIO enterprise itself with a sense of assurance that decision making at all levels of the organization is being conducted in an informed, objective, and fully integrated manner.

8.1 Background

8.1.1 OMB Motivation

The updated version of OMB Circular A-123 (2016), in a subsection entitled: “Role of Auditors in Enterprise Risk Management,” states that: “Internal or external auditors conduct independent and objective audits, evaluations, and investigations of an Agency's programs and operations, which includes aspects of the internal control and risk management systems.” Independent evaluation is stated as having special value, as follows: “Management ...

Get Enterprise Risk and Opportunity Management now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.