Identifying, assessing, and managing an organization’s risks are among the top priorities of management, audit committees, and shareholders. The scope of internal audit’s responsibilities include ensuring that management and the board properly understand the business risks faced by the organization, as well as helping develop an appropriate risk-based audit approach to provide independent assurance that the organization’s risk management, governance, and internal control processes are properly designed and operating effectively. The amount of resources dedicated to these inherent risk areas is governed by the risk tolerance level of an organization’s management, audit committee, and board of directors.
Excerpt from the full copy of