In an environment of growing risk, the adoption of enterprise risk management (ERM) has increased in importance. But while ERM has progressed far in many organisations, at some companies, initiating and implementing it is still a challenge. How can ERM be introduced at companies where it doesn’t exist, and nurtured in organisations where ERM structures and processes are in place? One key to answering these questions might be finding a champion.

Managing risk was front and centre recently at a series of recent roundtable discussions held jointly in the United States by the Center for Audit Quality and The Institute of Internal Auditors. Attended by internal auditors, external auditors, and audit committee chairs, the roundtables provided these parties an opportunity to talk about their roles and responsibilities, their major challenges, and leading practices. The overall aim was to explore how the three groups could leverage and strengthen their nexus of relationships to improve risk governance and external audit at the organisations they serve.

Throughout these conversations, solid agreement formed around the idea that a company’s approach to risk must be entity-wide and holistic, not siloed or transactional. Yet developing this approach isn’t always easy. For example, as observed at the roundtables, risk management may be strong in many departments, groups and locations – but still remain inadequate at the entity level.

Jul-Sep 2015 Issue

Center For Audit Quality (CAQ)