Practice Guide: Assessing the Adequacy of Risk Management Using ISO 31000
Strongly Recommended Guidance
The use of enterprise-wide risk management frameworks has expanded as organizations recognize the advantages of coordinated approaches to risk management. The risk management framework must be designed to suit the organization, including its internal and external environment.
Assessing the Adequacy of Risk Management Using ISO 31000 details three approaches to assurance of the risk management process: a Process Elements approach; an approach based on Principles of Risk Management; and a Maturity Model approach. The assurance process that is used should be tailored to the organization’s needs. Internal auditors should have a means of measuring the effectiveness of risk management in an organization and forming a conclusion on the organization’s level of risk management maturity. One of the key criteria that internal auditors should consider is whether there is a suitable framework in place to advance a corporate and systematic approach to risk management.
This Practice Guide uses ISO 31000 as a basis for the risk management framework. Other frameworks may be used to perform the risk assessment. This guidance does not imply implicit or explicit endorsement of this or any other framework.
Practice Guides are restricted to IIA members only.
Non-members may purchase this Practice Guide from The IIA Research Foundation Bookstore.