IIA issues new risk management standards

Daily news headlines

ALTAMONTE SPRINGS, FLORIDA - Two new best practice advisory papers on risk management have been released by the international industry standards body the Institute of Internal Auditors (IIA).

The IIA says the guidelines aim to help internal audit assess the effectiveness of risk management and provide a firm's management and audit committee with assurance that appropriate systems, controls and operational risk management is in place.

"Although these practice advisories refer to different standards, they are closely related, as assessing risk and providing assurance are primary functions of professional internal auditors," says Heriot Prentice, standards and guidance director at the IIA.

The first paper, entitled Using the risk management process in internal audit planning (practice advisory 1010-2), aims to align the goals of internal audit with the organisation as a whole, as well as provide for a more proportional, risk-based approach to internal audit priorities.

The IIA says the audit plan should focus on reporting unacceptable risks with minimal controls or management actions required to mitigate them, outlining the control systems on which the firm is most reliant, distinguishing areas with a large differential between inherent residual risks, and highlighting areas of high inherent risk.

The second paper, entitled Assurance maps (practice advisory 2050-2), addresses board-level responsibility for managing potential killer risks to the business, providing an 'assurance map' showing reporting lines to management, board and external stakeholders - investors, shareholders and regulators.

The guidance highlights the purpose of the map is to prevent redundancy, and avoid some risk areas falling through gaps in reporting and responsibilities. The IIA highlights the enterprise-wide scope of audit providing this assurance across senior management, compliance, external audit, risk management, healthy and safety departments, and other stakeholders.

Mapping should include significant risk categories, as well as categories for risk ownership, inherent risk rating, residual risk rating, external audit coverage, internal audit coverage and other assurance provider coverage.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here