Business Risk vs Audit Risk Essay examples

1105 Words Jun 9th, 2012 5 Pages
------------------------------------------------
Business Risk vs. Audit Risk
By Gabriel Agboola
The following article first appeared online in the IT Compliance Institute Ask The Auditor column. Used with Permission.
What’s the difference between business risk and audit risk?
Business risk relates mainly to an organization’s goals and objectives. It is essentially the potential cost incurred if the business does not achieve its strategic plans. The assessment and management of business risk has evolved into formalized enterprise risk management (ERM) in many organizations.
By contrast, audit risk relates mainly to the internal and external audit efforts to achieve its objectives; that is, provide effective, timely, and efficient
…show more content…
Within this context, the internal audit function provides strategic, operational, and tactical value to an organization’s operations. For example, internal auditing is: * A resource to the board and management for making sure the entire organization has the resources, systems, and processes for operating an efficient and effective operation. * An assurance tool for management and the board to know all that should be done is being done. By ensuring qualified professional reviews and audits are performed, the board and management can advance its goal of overseeing the organization’s operations and ensuring its continuous improvement and success. * An independent validation resource that the organization’s efforts are proactive and effective against current and emerging threats.
The Institute of Internal Auditors (IIA, http://www.theiia.org) has published a position paper on the role of internal auditing in ERM (see resource side bar, below, for the direct link to this paper). According to the IIA, internal auditors—including IT auditors—should provide advice and comment on management’s decisions regarding risk, as opposed to making risk-management decisions. Auditors' responsibilities should also be documented in a company's internal audit charter and be approved by the audit committee.
In the IIA position paper “The Role of Internal Audit in Enterprise-wide Risk Management,” the IIA

Related Documents