Skip Ribbon Commands
Skip to main content

NEW! Practice Guide: Assessing the Risk Management Process
Recommended Guidance

Practice Guide: Assessing the Risk Management ProcessRisk management activities and initiatives are required and expected by regulators, rating agencies, and stakeholders in major industries around the world. However, risk management is driven by more than regulations and external forces; organizations of any type and size could benefit from implementing a risk management process to help increase entity value, achieve operational and strategic objectives, and safeguard stakeholders.

This guide will aid the internal audit activity in developing approaches to review and assess the effectiveness of an organization’s risk management processes and strategies, regardless of the activity’s size, maturity level, or resource level.

It also discusses how internal audit may influence the positive side of risk, providing insights to senior management and the board on how organizations can discover and embrace potential missed opportunities.

This guidance will enable internal auditors to:

  • Understand the need to perform audit engagements of risk management activities.
  • Understand the key components of an effective risk management process.
  • Develop an approach taking into account the business environment, the level of maturity, and regulatory environments.
  • Collect the necessary information to determine the scope of the audit engagement of risk management activities.
  • Evaluate the effectiveness of risk management processes.
  • Contribute to the improvement of risk management processes.

Downloads and Links

Practice Guides are restricted to IIA members only.

Non-members may purchase this Practice Guide from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.