Enterprise Risk Management (ERM) Best Practices Review

Why is this important?

The Institute of Internal Auditors’ position paper on the role of Internal Auditing in ERM defines the importance of the Internal Audit (IA) function providing assurance on three areas:

1. Risk management processes, both their design and how well they are working;
2. Management of those risks classified as ‘key’, including the effectiveness of the controls and other responses to them; and
3. Reliable and appropriate assessment of risks and reporting of risk and control status.

Frequently Internal Audit has ownership of the ERM process. By the standards of the profession, this is acceptable as long as management owns the risk.

Value to the Client

When IA owns the ERM process, or they do not have the skills to perform the review of the ERM process, an independent third party can perform this function. Also, having a third party review will often uncover areas of concern that may not be apparent to the internal organization.

Why hire M&A?

M&A is familiar with ERM best practices. We provide ERM training through the Institute of Internal Auditors and develop self-assessment questionnaires and checklists that are tailored to your program and environment. We will provide you insight into the effectiveness of your ERM implementation and make best practices recommendations. We take pride in training your organization to take ownership of the process, a key element in effective strategy implementation.

Contact the M&A Risk Management Services Team at ENissley@macpas.com for more details, and subscribe to The RMC Advisors blog at www.theRMCadvisors.com to receive updates on relevant accounting and audit information!