This page contains a list of links to KnowledgeLeader publications and tools that will assist a new professional in understanding and getting started in a career in internal audit and risk management.
What is Internal Audit?
Internal audit is a profession common to consulting firms such as Protiviti. Internal auditors assist organizations in implementing and improving compliance, governance and risk management-related processes and controls within an organization. Many companies also have their own internal audit team in house. The internal audit team within a company can range from one to hundreds of auditors, depending on the company size. These organizations may also partner with outside consulting firms on big projects or if they need more expertise.
Internal audit can help on nearly any aspect of a business, from choosing a new technology to integrate into the organization to implementing a new company culture. Auditors go in to analyze and document the current process in place, usually through interviewing key personnel, and come up with recommendations to help the company achieve efficiency and effectiveness.
- Guide to Internal Audit
This internal audit guide addresses common questions concerning the NYSE listing requirements that mandate creation of an effective internal audit function. The more than 65 questions and answers will assist those planning to develop a function. The booklet provides guidance on issues ranging from roles and reporting structures to audit risk assessments, and management’s responsibilities. Ten appendices include samples and additional information. This guide has now been updated to reflect the SEC’s approval of PCAOB Auditing Standard No. 2 and other regulations in the US and Canada.
- Internal Audit Charter: Sample 2
This sample charter outlines the mission, scope of work, accountability, independence, responsibility and authority of a company’s internal audit department.
What is Risk Management?
The objective of risk management is to help identify and document the organization's risks in critical business processes and the internal controls within each process to mitigate those risks.
For all businesses there are risks that exist and need to be identified and addressed in order to prevent or minimize losses. Risk is the threat that an event, action or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. Risk is measured in terms of consequences and likelihood.
Risk management must control identified risks to help the company achieve its performance and profitability targets, prevent loss of resources, ensure reliable financial reporting, and ensure compliance with laws and regulations, avoiding damage to its reputation and other consequences.
- Guide to Enterprise Risk Management: Frequently Asked Questions
In today’s challenging global economy, there is a need for identifying, assessing, managing and monitoring an organization’s business opportunities and audit risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to strategic level. The purpose of this publication is to address some of the most commonly asked questions with respect to ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.
- Assessing Risks and Internal Controls Guide
For all businesses there are risks that exist and need to be identified and addressed in order to prevent or minimize losses. As part of their Sarbanes-Oxley compliance efforts or enterprise risk management programs, many internal auditors are involved in training process owners to assess risks and take responsibility for managing internal controls. In this effort, it is important to acknowledge the process owner’s responsibility for the design, implementation and maintenance of the control structure within assigned business processes. Process owners are also expected to: contribute direction to identify, prioritize and review risks and controls; remove obstacles for compliance; and remedy control deficiencies; continue or begin a program of self-assessment and testing to monitor the controls within your processes. This guide was developed to help with this training activity.
- Protiviti Risk ModelSM
The Protiviti Risk Model is a comprehensive organizing framework for defining and understanding potential business risks. The model categorizes business risk into three main areas: Environment Risk, Process Risk, and Information for Decision-Making Risk.