Providing assurance over risk management is a core element of the role of internal auditors. Understanding risk and risk management is also central to providing risk-based assurance.
The guidance and resources on this page should be considered a starting point for your learning journey.
4. Aligns with the strategies, objectives, and risks of the organization.
| 2120 Risk Management | Implementation guidance |
| 2210 Engagement Objectives: 2210.A1 | Implementation guidance |
Risk | the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
Risk appetite | the level of risk that an organisation is willing to accept.
Risk management | a process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the organisation's objectives.
| Basics of risk management | Standards for managing risk | Risk maturity assessment |
| Risk appetite - concept and theory | Risk appetite - the board's role | Risk appetite - the role of IA |
| Assessment of emerging risk | Risk identification | Reporting on risk |
| Risk management process | Risk management - ISO 31000 | Creating maturity models |
Codes of practice | Financial services, private and third sector
FRC | Guidance on Risk Management, Internal Control and Related Financial and Business Reporting
IRM | Institute of Risk Management guides and insights
IIA Australia | Auditing risk culture - a practical guide
IIA Australia | Agile risk management
ISO 31000 is widely accepted, although there is no formally recognised definition of, or approach to, risk management and enterprise risk management. The reference list below (some items require a purchase) provides different options for categorising risk to help identify, assess and evaluate it.