What is Enterprise Risk Management (ERM) and what role in it does internal auditing play?
Enterprise Risk Management is a structured and coordinated entity wide governance approach to identify, quantify, respond to, and monitor the consequences of potential events. Implemented by management, ERM is evaluated by the internal auditors for effectiveness and efficiency. The practice of managing risk, which is a key element of governance, traditionally has been within individual business units and/or parts of business units; and to a lesser extent across the organization. Enterprise risk management (ERM) takes a broader portfolio approach and deals with risks and opportunities affecting the creation or preservation of organizational value.Enterprise risk management is defined as a process, effected by an entity s board of directors, management, and other personnel; applied in a strategy setting and across the enterprise; designed to identify potential events that may affect the entity; and manage risk to be within its risk appetite to provide reasonable assurance regarding the a
