This tool outlines the information request list for an ERM audit. The focus areas are ERM structure and governance, operational risk management, credit risk management, and market risk management. Every area includes the following two sections: request materials and questions for management.
Sample questions include: What benefits does the company seek to gain from its ERM program? How frequently and by whom are business risk assessments performed? Is any external operational loss data incorporated into risk profiling? Does your organization utilize any third-party credit risk management software?