The report, authored by Sridhar Ramamoorti and Marcia Weidenmier, discusses how Internal auditors are faced with new challenges as the importance of understanding information technology (IT) and its impact on risk management becomes even more critical.  Internal auditors can provide value to businesses if they use their IT knowledge to help an organization implement a successful enterprise risk management (ERM) program.  Since Sarbanes-Oxley, ERM’s increasingly important role in organizations has forced internal auditors to use a more risk-focused approach as an alternative to the more traditional control-based approach. 

The internal environment of an organization includes risk appetite as well as other components such as ethical values.  Decisions made about risk tolerance correlate with information technology choices.  If an organization choices to use e-commerce, it becomes a global business and should consider all the risks associated with technological changes. 

IT helps to provide timely data that will assist with the identification, analysis and response to risks.  The organizational changes and the speed created by IT forces auditors to recognize and monitor how it impacts risk management.  Therefore, IT is an asset for organizations trying to manage risk, but concurrently the increased use of IT creates risk that cannot be overlooked.

An organization’s risk appetite establishes the objectives for the business while indirectly affecting the information technology infrastructure.  Organizations that utilize e-commerce have a higher risk appetite and must be prepared to take the necessary precautions for a potentially greater reward.

Click below for a link to the full article.

Link: “Is IT Next for ERM?” by Sridhar Ramamoorti and Marcia Weidenmier, Internal Auditor, April 2006.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2006-04-01