Risk management

Providing assurance over risk management is a core element of the role of internal auditors. Understanding risk and risk management is also central to providing risk-based assurance. 

The guidance and resources on this page should be considered as a start point to your learning journey.

IPPF links | Guidance | Additional resources | Relevant position papers


 Main IPPF links

Core Principles 

4. Aligns with the strategies, objectives, and risks of the organization.
9. Is insightful, proactive, and future-focused.
10. Promotes organisational improvement.

 Core principles

2120 Risk Management  Implementation guidance
2210 Engagement Objectives: 2210.A1 Implementation guidance

Glossary

Risk | the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood 

Risk appetite | the level of risk that an organisation is willing to accept.

Risk management | a process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the organisation's objectives


Guidance A-Z

Chartered IIA
Basics of risk management Standards for managing risk Risk maturity assessment
Risk appetite - concept and theory Risk appetite - the board's role Risk appetite - the role of IA
Assessment of emerging risk Risk identification Reporting on risk
IIA Global 
Risk management process Risk management - ISO 31000 Creating maturity models

Additional resources 

Codes of practice | Financial services, private and third sector
FRC | Guidance on Risk Management, Internal Control and Related Financial and Business Reporting
IRM | Institute of Risk Management guides and insights 
IIA Australia | Auditing risk culture - a practical guide

IIA Australia | Agile risk management

Need help to find what you are looking for? ask the resources team


Risk Standards and Frameworks 

ISO 31000 is widely accepted although there is no formally recognised definition or approach to risk management and enterprise risk management. The reference list below (some require a purchase) provide different options for categorising risk to help identify, assess and evaluate it. 


Chartered IIA Position Papers

The role of internal audit in enterprise-wide risk management

Content reviewed: 20 December 2021