RISK MANAGEMENT
OPERATIONS AUDITING
RISK MANAGEMENT is “a process to identify,
assess, manage, and control potential events or
situations to provide reasonable assurance regarding
the achievement of the organization’s objectives” (The
IIA Glossary).
Performance Standard 2120
Risk Management
RISK MANAGEMENT PROCESS
Step 1 – Identification of Context
Market risk
- Interest rates, foreign exchange rates, etc.
Step 2 – Risk Identification
Step 3 – Risk Assessment and Prioritization
Step 4 – Risk Response
controllable risk.
Step 5 – Risk Monitoring
1. Those closest to the activities, such as the manager of an
operating unit.
- However, because they design the strategy to mitigate risks,
they are not always objective.
2. The audit function.
- Analyzing risks and responses is among the normal
responsibilities of internal auditors, who should be objective.
Responsibility for Aspects of Organizational Risk
Management
Risk management is a key responsibility of senior management and
the board.
• Boards have an oversight function. They determine that risk
management processes are in place, adequate, and effective.
• Management ensures that sound risk management processes are
functioning.
• The internal audit activity may be directed to examine, evaluate,
report, or recommend improvements.
- It also has a consulting role in identifying, evaluating, and
implementing risk management methods and controls.
Risk management processes may be formal or informal, quantitative or
subjective, or embedded in business units or centralized. They are
designed to fit the organization’s culture, management style, and
objectives. For example, a small entity may use an informal risk
committee.
Internal Audit’s Role in Risk Management
Interpretation of Standard 2120
Risk management processes may be formal or informal, quantitative or
subjective, or embedded in business units or centralized. They are
designed to fit the organization’s culture, management style, and
objectives. For example, a small entity may use an informal risk
committee.
Thank you!
ELIGEN H. SUMICAD JR., CPA
eligensumicadjr@gmail.com