Internal Audit: First line of defense?

Recently I had the honor of moderating a session on “Internal Audit: The first line of defense”. The panel consisted of: a head of internal audit/CRO, a CRO, a risk professional, and a risk advisory partner from a Big 4. Some of the insights from the session are: Internal Audit is the Third line […]

1130 – Impairment to Independence or Objectivity

The IIA has revised its standards on internal auditing. The revised standards become effective from January 2017. One of the New Year resolutions of internal auditors should be to update their internal audit practices and procedures, including the internal audit charter, to reflect the changes made in the IPPF. See here 1130.A3 – The internal audit activity may […]

Right to Audit – Clause

As part of risk management, organisations are becoming more forceful about having the Right to Audit clause incorporated into their agreements with customers, vendors and partners. Why is it important for an organization to have the clause incorporated? A. The organization wants the vendor to ensure that: No harm is being done to the environment while providing goods and services […]

Where is Risk in Audit Committee Agenda?

“Audit Committee members don’t understand the risk. Promoters feel that Audit Committees are too much into finance. The independent directors forming the audit committee are retired persons from government or retired partners from professional firms. They think only about finance and are missing the bus for emerging risks. They are not geared up for thinking in terms […]

What is Risk Appetite?

What is risk appetite? What does it mean? This question has set the ball rolling in an informal group of risk professionals. Everyone has a view on it. Some views were borrowed from the financial industry; some views were created or adapted for non-financial industries. One of the reasons for the confusion is the analogy of appetite with […]

ERM FAQ 5 – Risk Response: What are risk responses?

Businessdictionary.com defines risk response as “Appropriate steps taken or procedures implemented upon discovery of an unacceptably high degree of exposure to one or more risks. Also called risk treatment.” The purpose of risk response is to bring the risk to the acceptable level of Risk Appetite. Risk response is connected with Risk appetite that in […]

ERM FAQ 4 – Risk Assessment

Question 4: Risk Assessment? Organizations need to find the factors that are giving rise to risk to the goals of the organization. Risk assessment comprises processes for identifying, analyzing and evaluating risks. Risk Identification: Organizations can use a variety of techniques for risk identification. These techniques can be used either in isolation or in combination. Following […]
