Question

In: Accounting

Enterprise Risk Management (ERM) is an activity undertaken by many organizations. Jiffy Sportswear, Inc., is a...

Enterprise Risk Management (ERM) is an activity undertaken by many organizations. Jiffy Sportswear, Inc., is a fast growing privately owned company that will soon issue its shares to the public and be subject to SEC jurisdiction. Its CEO wants to implement a corporate wide ERM program and asks you, the CAE, to counsel him on the following:

  1. Explain the purpose of ERM and how it may add value to the organization.
  2. What is the role of internal auditing with respect to ERM? Moreover, what should internal auditing refrain from doing with respect to ERM?
  3. Explain the concept of risk-based auditing and how it relates to ERM.

Solutions

Expert Solution

Answer to 1 : Enterprise risk management (ERM) is a process designed to anticipate and analyze potential opportunities and threats that could affect the achievement of the organization’s objectives and goal. This process is integral to the management and future direction of the organization, and should be structured, consistent, and continuous across the entire organization. ERM includes identifying, assessing, deciding on responses to, and reporting on strategic, human capital, compliance, operational, financial, and hazard-related exposures. These exposures include both ‘risks’ that might hinder an organization’s attainment of its strategic goals, and ‘opportunities’ that could help the organization to achieve its strategic goals.

Answer to 2 : As the organization’s risk maturity increases and risk management becomes more embedded in the operations of the business, internal auditing’s role in championing ERM may reduce. Similarly, if an organization employs the services of a risk management specialist or function, internal auditing is more likely to give value by concentrating on its assurance role than by undertaking consulting activities.

Internal audit “should perform at least some” of the seven risk consulting services as state below :

  1. Facilitating identification and evaluation of risks,
  2. Coaching Management in responding to risks
  3. Coordinating ERM activities
  4. Consolidated Reporting on Risks
  5. Maintaining and Developing the ERP Framework
  6. Champinioning establishment of ERM
  7. Developing ERM strategy for board approval

Internal auditor can play a big role in the effective implementation of ERM in an organization. They can: • Develop a risk-based internal audit programme. • Audit the risk processes across the organization. • Give assurance that risks are correctly calculated. • Evaluate the risk management process. • Provide assurance on the management of risk. • Report on the efficiency and effectiveness of internal controls. ERM supports better structure, reporting, and analysis of risks. Standardized reports that track enterprise risks can improve the focus of directors and executives by providing data that enables better risk mitigation decisions. The variety of data helps leadership understand the most important risk areas. These reports can also help leaders develop a better understanding of risk appetite, risk thresholds, and risk tolerances. ERM helps management to recognize and unlock synergies by aggregating and sharing all corporate risk data and factors, and evaluating them in a consolidated format.

As the organization’s risk maturity increases and risk management becomes more embedded in the operations of the business, internal auditing’s role in championing ERM may reduce. Similarly, if an organization employs the services of a risk management specialist or function, internal auditing is more likely to give value by concentrating on its assurance role than by undertaking consulting activities.

Answer to 3 :

Risk based internal auditing (RBIA) as a methodology that links internal auditing to an organisation's overall risk management framework. It allows internal audit to provide assurance to the board that risk management processes are managing risks effectively, in relation to the risk appetite.

Advantages

By following RBIA internal audit should be able to conclude that:

1. Management has identified, assessed and responded to risks above and below the risk appetite

2. The responses to risks are effective but not excessive in managing inherent risks within the risk appetite

3. Where residual risks are not in line with the risk appetite, action is being taken to remedy that

4. Risk management processes, including the effectiveness of responses and the completion of actions, are being monitored by management to ensure they continue to operate effectively

5. Risks, responses and actions are being properly classified and reported.

This enables internal audit to provide the board with assurance that it needs on three areas:

1. Risk management processes, both their design and how well they are working

2. Management of those risks classified as 'key', including the effectiveness of the controls and other responses to them

3. Complete, accurate and appropriate reporting and classification of risks


Related Solutions

Enterprise Risk Management. The enterprise risk management (ERM) framework was developed by COSO to provide managers...
Enterprise Risk Management. The enterprise risk management (ERM) framework was developed by COSO to provide managers a formalized methodology to evaluate risk in their businesses. Required: Explain how management would use the ERM framework to manage business risk.
Enterprise Risk Management (ERM) is directly related to auditing. Describe the relationship between ERM and auditing....
Enterprise Risk Management (ERM) is directly related to auditing. Describe the relationship between ERM and auditing. Why is ERM important to an organization?  
List and describe five key concepts that differentiate Enterprise Risk Management (ERM) from Traditional Risk Management...
List and describe five key concepts that differentiate Enterprise Risk Management (ERM) from Traditional Risk Management (TRM).
Summarize how implementing Enterprise-Wide Risk Management (ERM) can relate to accountability and profitability.
Summarize how implementing Enterprise-Wide Risk Management (ERM) can relate to accountability and profitability.
Discuss enterprise risk management (ERM) in its most current form and how it has evolved to...
Discuss enterprise risk management (ERM) in its most current form and how it has evolved to assess risk management in today's environment.
Discuss enterprise risk management (ERM) in its most current form and how it has evolved to...
Discuss enterprise risk management (ERM) in its most current form and how it has evolved to assess risk management in today's environment.
One activity historically undertaken by local government tourism organizations is that of marketing. In established and...
One activity historically undertaken by local government tourism organizations is that of marketing. In established and popular destinations, should spending on marketing and promotion now be left in the hands of the private sector, which are the businesses that gain from tourism spend. Discuss Simple discussion, about 200-400 words
What distinguishes enterprise risk management from more traditional approaches to risk management?
What distinguishes enterprise risk management from more traditional approaches to risk management?
The purpose of the COSO Enterprise Risk Management framework is A) to improve the organization's risk...
The purpose of the COSO Enterprise Risk Management framework is A) to improve the organization's risk management process. B) to improve the organization's financial reporting process. C) to improve the organization's manufacturing process. D) to improve the organization's internal audit process
Discuss why and how either an FRM (financial risk management) or an ERM framework might benefit...
Discuss why and how either an FRM (financial risk management) or an ERM framework might benefit a company like Blue Wood.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT