Business Risk vs Audit Risk Essay examples
Business Risk vs. Audit Risk
By Gabriel Agboola
The following article first appeared online in the IT Compliance Institute Ask The Auditor column. Used with Permission.
What’s the difference between business risk and audit risk?
Business risk relates mainly to an organization’s goals and objectives. It is essentially the potential cost incurred if the business does not achieve its strategic plans. The assessment and management of business risk has evolved into formalized enterprise risk management (ERM) in many organizations.
By contrast, audit risk relates mainly to the internal and external audit efforts to achieve its objectives; that is, provide effective, timely, and efficient …show more content…
The Institute of Internal Auditors (IIA, http://www.theiia.org) has published a position paper on the role of internal auditing in ERM (see resource side bar, below, for the direct link to this paper). According to the IIA, internal auditors—including IT auditors—should provide advice and comment on management’s decisions regarding risk, as opposed to making risk-management decisions. Auditors' responsibilities should also be documented in a company's internal audit charter and be approved by the audit committee.
In the IIA position paper “The Role of Internal Audit in Enterprise-wide Risk Management,” the IIA