Skip to Content

Practice Guide: Coordinating Risk Management and Assurance

Guidance | March 03, 2012

Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.

Risk management* is fundamental to organizational control and critical to providing sound corporate governance. It touches all of the organization’s activities. The establishment of an effective enterprise-wide risk management system is a key responsibility of management and the board; which are responsible for adopting a holistic approach to the identification of organizational risks, creating controls to mitigate those risks, and monitoring and reviewing the identified risks and established controls. They should ensure that risk management is integrated into the organization, at both the strategic and operational levels.

Standard 2050: Coordination states, “The chief audit executive [CAE] should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.” This responsibility requires the CAE’s inclusion and participation in the organization’s assurance provider framework. This framework can consist of internal audit, external audit, governance, risk management, or other business control functions/disclosures performed by the organization’s management team. Inclusion and participation in this framework helps ensure that the CAE is aware of the organization’s risks and controls in relation to organizational goals and objectives.

*Under Review: This practice guide contains some outdated material and references. It remains available while a review is underway. 

The IIA

The Institute of Internal Auditors