Assessing The Adequacy Of Risk Management Using ISO 31000 (Practice Guide)
Each organization should have a risk management framework designed to suit its specific environment. This Practice Guide demonstrates three approaches to assurance of the risk management process.
Practice Guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as:
- Tools and techniques
- Step-by-step approaches
- Examples of deliverables
Practice Guides are part of The IIA's International Professional Practices Framework (IPPF). As part of the Strongly Recommended category of guidance, compliance is not mandatory, but it is strongly recommended and the guidance is endorsed by The IIA through a formal review and approval process.
The use of enterprisewide risk management frameworks has expanded as organizations recognize the advantages of coordinated approaches to risk management. The risk management framework must be designed to suit the organization: its internal and external environment. To address this need, The IIA has released a new practice guide titled Assessing the Adequacy of Risk Management Using ISO 31000.
This guide details three approaches to assurance of the risk management process:
- A Process Elements approach
- An approach based on Principles of Risk Management
- A Maturity Model approach
The assurance process that is used should be tailored to the organization’s needs. Internal auditors should have a means of measuring the effectiveness of risk management in an organization and forming a conclusion on the organization’s level of risk management maturity. One of the key criteria that internal auditors should consider is whether there is a suitable framework in place to advance a corporate and systematic approach to risk management.
This practice guide uses ISO 31000 as a basis for the risk management framework. Other frameworks may be used to perform the risk assessment. This guidance does not imply implicit or explicit endorsement of this or any other framework.
Item Number: 10.1079