CHAPTER 18 - RISK MANAGEMENT FUNCTIONS OF INTERNAL AUDITING
29. Functions of Internal Auditing with respect to risk management
(1) The role of Internal Auditing in risk management is to provide independent, objective assurance on the effectiveness of the Institution’s system of risk management.
(2) Internal Auditing must evaluate the effectiveness of the entire system of risk management and provide recommendations for improvement where necessary.
(3) Internal Auditing must develop its internal audit plan on the basis of the key risk areas.
(4) In terms of the International Standards for the Professional Practice of Internal Audit, determining whether risk management processes are effective is a judgment resulting from the Internal Auditor's assessment that:
a) Institutional objectives support and align with the Institution's mission;
b) significant risks are identified and assessed;
c) risk responses are appropriate to limit risk to an acceptable level, and
d) relevant risk information is captured and communicated in a timely manner to enable the Accounting Officer, Management, the Risk Management Committee and other officials to carry out their responsibilities.
(5) In cases where Internal Auditing and Chief Risk Officer roles are combined, the risk management responsibilities include:
a) assisting Management to develop the risk management policy, strategy and implementation plan;
b) co-ordinating risk management activities;
c) facilitating identification and assessment of risks;
d) recommending risk responses to Management, and
e) developing and disseminating risk reports.
(6) When assisting Management in establishing or improving risk management processes, Internal Auditing must refrain from assuming management responsibilities for risk management, as well as auditing the risk management function.