Skip Ribbon Commands
Skip to main content

The IIA Risk Resource Exchange 

Risk Tools and Resources

Interested in obtaining the latest risk management tools and resources? Welcome to The IIA’s Risk Resource Exchange comprehensive archive of tools and resources available to you on the topic of risk and risk management.

Tool Available for Download: Risk Assessment Template

This tool provides a risk assessment template used in practice that has been scrubbed and made available for public use.


 ​
Whistle Blower Penalizing Corruption

Since its inception in 2011, the U.S. Securities and Exchange Commission (SEC) Whistleblower Program has fined wrongdoers more than $1.7 billion. Internal auditors should encourage executives and directors who oversee governance to understand the key elements of the program

Read the article at Internal Auditor Magazine.


 ​
Digital Gavel Is Cybersecurity the Next Sarbanes-Oxley?

“The most far-reaching regulations are often borne out of crisis,” writes IIA Vice President Jim Pelletier in his latest blog post. “We are now in the midst of an ongoing cyber crisis, and internal auditors should be preparing for the regulations to come.”

Read the blog.


 ​
Gregg Hart Making an Impact

What emerging risk areas can internal auditors examine to increase their impact in the organization? Gregg Hart, vice president of internal audit (CAE) at Penske Truck Leasing, provides his recommendations in Part 1 of this Audit Channel video..

Watch now.


 ​
3rd Party Risk Learn How to Audit Third-party Provider Risks

This new practice guide informs chief audit executives and their audit teams about the roles, responsibilities, and risks involved in managing third-party provider risk. It offers tools and guidance on how to plan and execute audits that provide organization wide value.

Get your copy now.


 ​
Tug of War Risky Relationships

Trust is integral in working with third parties. Internal auditors can help their organization ensure that trust is fostered and maintained. A holistic audit strategy can provide confidence in the performance of third-party partners..

Read more.


 ​
Blind Auditing Third-party Risk, Part 1

The complexity of enterprise risk has changed; new risks and responsibilities have emerged. Earning the COSO ERM Certificate helps you navigate the unknown. Learn the concepts and principles of the newly updated ERM Framework from the experts and prepare to integrate that framework into your organization’s strategy. The ERM Framework helps management understand their duties for managing risk and drive business performance.

Watch now.


 ​
Cyber Video Video: Cybersecurity: Threats and Expertise

Nathan Anderson, senior director of internal audit at McDonald’s, discusses the most significant cyber threats facing his organization and the types of expertise internal auditors need to address them on The IIA’s Audit Channel.

Watch now.


 ​
Pelletier 4 Simple Steps to Mitigate Insider Threats

We’ve all seen the tremendous financial and reputational damage associated with data breaches and ransomware attacks. Whether through hiring, training, co-sourcing, or outsourcing, internal audit departments need to upgrade their skills quickly to address these risks.

Read Jim Pelletier's blog.


 ​
GTAB Insider Threat New GTAG: Insider Threat Programs

Understand the insider threat universe and ways to improve existing insider threat programs and create new programs. This new practice guide distinguishes between malicious and non-malicious incidents and describes behaviors that may precede a threat action.

Download Now.


​ ​
Equifax Settlement What the Equifax Settlement Signals About the Importance of Internal Audit

The recent settlement between Equifax and eight states, which brought suit following the credit reporting agency’s massive data breach, reflects a bold statement about the importance of internal audit, writes IIA President and CEO Richard Chambers in a recent blog post.

Read more.


​ ​
A Conspiracy of Silence A Conspiracy of Silence?

In a recent survey by the National Association of Corporate Directors (NACD), 79 percent of directors expressed confidence in management’s ability to sustain a healthy corporate culture. However, the survey indicated that confidence may be based on very limited information. Learn more about how the internal audit function can help assess organizational culture.

Download your complimentary copy today.


​ ​
Time Management Improve Your Risk Assessment Time Management

With all you have on your plate, how much time should you spend on a risk assessment? The Internal Auditor’s Guide to Risk Assessment, 2nd Edition answers this question and so many more.

Download free toolkit with your order.


​ ​
Blockchain Article: Internal Audit and the Blockchain

While cryptocurrencies like bitcoin have received the attention of investors and regulators, it is their underlying technology  —  the blockchain  —  that has the greatest potential to disrupt and reshape traditional business and financial processes and infrastructure. There’s far more to blockchain than bitcoin, and auditors have much to learn about how it works.

Read the article on www.internalauditor.org.


​ ​
COSO ERM Certificate Program COSO ERM Certificate Program

The complexity of enterprise risk has changed; new risks and responsibilities have emerged. Earning the COSO ERM Certificate helps you navigate the unknown. Learn the concepts and principles of the newly updated ERM Framework from the experts and prepare to integrate that framework into your organization’s strategy. The ERM Framework helps management understand their duties for managing risk and drive business performance.

Register today.


​ ​
Managing Risk in Uncertain Times Ensure Your Team Evolves With ERM

The latest Internal Audit Foundation release, Managing Risk in Uncertain Times is designed to empower your team to add immediate value to its risk management reporting by leveraging the new COSO ERM Framework around three key areas: strategy, risk, and performance. Learn More.


​ ​
Practical Enterprise Risk Management: Getting to the Truth New Release: Practical ERM Book Gets Straight to the Point

Today’s practitioners don’t have time to comb through the abundance of ERM theories, generic frameworks, and approaches out there. They need concise, focused, practical help they can put to work almost immediately that gets results. The Internal Audit Foundation’s newest release, Practical Enterprise Risk Management: Getting to the Truth, gets the job done with “how-to” descriptions for two real-world tested ERM approaches that work. Learn More.


​ ​
Assessing and Managing Strategic Risks New Strategic Risk Assessment and Management Book

The Internal Audit Foundation has released Assessing and Managing Strategic Risks: What, Why, How for Internal Auditors, designed to provide sound, practical advice to meet the challenge of a dynamic risk environment. Learn more about this release, which includes helpful tools such as strategy and risk heat maps, strategic risk management diagnostic, and detailed process charts.


​ ​


Internal Audit Foundation Book Available for Purchase: Bribery: Identify Hidden Risks in Your Organization

This book offers practical information and advice on third-party bribery, legislative and regulatory considerations, channels through which bribes may be made, concealed, or prevented, anti-bribery controls over an organization’s expenditure, revenue, assets, and liabilities, organizational whistleblowing hotlines, and anti-corruption compliance programs


​ ​
Tool Available for Download: Risk Assessment Questionnaire

This tool provides a risk assessment questionnaire template used in practice that has been scrubbed and made available for public use.


​ ​
Internal Audit Foundation Book Available for Purchase: CRMA Study Guide

The CRMA® Exam Study Guide, 1st Edition, compiles the comprehensive review material you need to prepare for the Certification in Risk Management Assurance™ (CRMA®) exam.


  ​

Tool Available for Download: Risk Assessment and Matrix

This tool provides a risk assessment and matrix template used in practice that has been scrubbed and made available for public use.


 
Internal Audit Foundation Book Available for Purchase: The Internal Auditor’s Guide to Risk Assessment

The Internal Auditor’s Guide to Risk Assessment will show you how to conduct a risk assessment, use the risk assessment to create the audit plan, and align risk assessment to business objectives. This guide includes a resource package with seven customizable templates for audit universe risk assessments, three customizable templates for engagement risk assessments, scoring criteria and definitions, risk category and risk factor definitions, and a glossary of key concepts.


 

Tool Available for Download: Entity-wide Risk Matrix

This tool provides a, entity-wide risk matrix template used in practice that has been scrubbed and made available for public use.


 

Internal Audit Foundation Book Available for Purchase: ERM: Achieving and Sustaining Success

In today’s rapidly changing business climate, organizations are looking for proactive ways to foresee risks. To be successful, organizations must find ways to create new value and protect existing value from being prematurely destroyed. Managing the risks associated with any strategic plan is vital to ensuring the organization’s ongoing success.


 

Tool Available for Download: Engagement-level Risk Assessment

This tool provides an engagement-level risk assessment template used in practice that has been scrubbed and made available for public use.


 
 ​Internal Audit Foundation Book Available for Purchase: Sawyer’s Guide for Internal Auditors, 6th Edition

Sawyer’s philosophy was that internal auditors should watch for emerging trends while keeping pace with changes in The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards), IT, legislation, and regulations—and to respond effectively to international events and evolving governance and risk management mandates. This 6th edition is a 3-volume set, making the content navigable for the reader, and each volume includes an index and glossary for easy reference.


 

Tool Available for Download: Audit Universe and Risk Assessment Tool

This tool provides an audit universe and risk assessment template used in practice that has been scrubbed and made available for public use.