
This sample audit report includes a review of key policies and procedures and the evaluation of design effectiveness of key controls for enterprise risk management (ERM).
The objective of implementing ERM is to provide reasonable assurance to an entity’s management and board that the entity’s business objectives are achieved while operating within the board’s risk appetite. ERM is tasked with identifying, measuring, monitoring and reporting risks which significantly challenge management’s ability to achieve its objectives. In this example, management significantly restructured the ERM program’s methodology and direction. An ERM policy has been adopted; the full ERM implementation is projected to be completed within two to three years across all subsidiaries.