Risk Management Audit
Risk management is the process a company goes through to identify, assess and prioritize risks. During a risk management audit, the company will employ either an internal or external individual to review the risk management steps a company has taken. Auditors will review specific risk management plans to ensure they are relevant, timely and effective. Companies will use audits as part of the risk management process to ensure the plan or procedures do not go stale if not used frequently.
Separating the risk management function from the risk management audit allows a company to have a second pair of eyes to review risk management plans. This also creates a natural segregation of duties within the company. Segregating duties ensures that one employee does not have too much responsibility or control over an internal business function. Another advantage of this separation is that multiple employees have knowledge of the company’s risk management plan, so the absence of one employee does not in and of itself create a risk within the organization.
The risk management audit process will typically follow a few basic steps, although audits are usually individual to each company.
The audit will start with a meeting to discuss the audit scope and determine what risks the company’s management team believes are most dangerous to the company.
After this initial meeting, auditors will devise a written plan for selecting a sample and the testing methods to determine how effective the company’s risk management plan seems to be when compared to the possibility of each risk.