CHAPTER 19 - RISK MANAGEMENT FUNCTIONS OF THE AUDITOR-GENERAL
30. Functions of the Auditor-General with respect to risk management
(1) The Auditor-General provides an independent opinion on the effectiveness of risk management as part of the regularity audit.
(2) In providing the audit opinion, the Auditor- General usually focuses on:
a) determining whether the risk management policy, strategy and implementation plan are in place and are appropriate;
b) assessing the implementation of the risk management policy, strategy and implementation plan;
c) reviewing the risk identification process to determine if it is sufficiently robust to facilitate the timely, correct and complete identification of significant risks, including new and emerging risks;
d) reviewing the risk assessment process to determine if it is sufficiently robust to facilitate timely and accurate risk rating and prioritisation, and
e) determining whether the management action plans to mitigate the priority risks are appropriate, and are being effectively implemented.
(3) The Auditor-General will also probe the root causes of audit findings and flag the related risks.