Internal audit work for risk management in companies

Abstract

In recent years, internal audit has been given an important role in risk management in the companies, although risk management remains a key responsibility of senior management and the board. Treatment of risk by internal audit is required by the Law on Enterprises, the Law on Banks, Insurance Law, and other laws. Internal audit has a wide mandated coverage that includes financial risks, operational risks, the risks of information technology, legal and strategic risks, at both macro and micro levels. To determine the existence of adequate risk management processes, and that these processes are adequate and effective, the boards in this role may require support of internal audit activities - through testing, assessment, reporting and recommending improvements regarding the adequacy and effectiveness of risk management. Internal auditors work through the assurance and consulting function in order to identify, evaluate and implement a methodology for risk management and controls to manage these risks.