This guide aims to help organizations enhance Internal Audit functions to better support enterprise risk management (ERM) initiatives. The enclosed best practices equip organizations with the necessary frameworks to evaluate their current risk management strategies, pinpoint potential improvements and foster a seamless integration of audit processes with overarching business goals. By leveraging this tool, users can gain insights into optimizing their risk management capabilities, ensuring that audits not only add value but also drive continuous improvement within the organization.

This document includes two samples that illustrate critical aspects of auditing the ERM process. Sample 1 delves into the fundamental role of Internal Audit in supporting ERM initiatives, emphasizing collaboration with risk owners and the importance of effective reporting. Sample 2 tackles practical strategies for evaluating the maturity of risk management processes, identifying gaps and facilitating stakeholder engagement. It also highlights best practices for integrating risk considerations into business planning and performance management, offering a roadmap for organizations aiming to strengthen their risk oversight and decision-making frameworks.

Key processes in this guide include:

• Identify risks
• Assess risks
• Prioritize risks
• Develop action plans