To achieve its objectives, an organization must analyze risk through enterprise-wide risk management. According to the Institute of Internal Auditors (IIA), enterprise-wide risk management refers to the process conducted by management to understand and deal with risks and opportunities (uncertainties) that could affect the organization’s ability to achieve its objectives (IIA Chapter 4).
Because of the complexity of business, risk also falls into five types: strategic, compliance, operational, financial, and reputational …
According to the IIA position paper, the three categories of internal audit roles in enterprise-wide risk management are the foundational internal audit roles with regard to ERM, legitimate internal audit roles with safeguards, and roles internal audit should not undertake (IIA 4). Each category has at least five assurance activities that support the organization’s risk management and governance processes. The foundational part of internal auditing with regard to ERM is crucial for providing objective assurance to the board and management on the performance of risk management. With the three categories explained, a question may arise: what are the ramifications if internal audit assumes roles it is advised against taking? Simply put, the company or organization will not achieve its objectives. The consequences range from small to large impacts on the company that could lead to lost profit or even