ERM Leadership and Governance

Audit Committee Involvement in Risk Oversight

Many boards of directors are directing executive management to embrace enterprise risk management (ERM) to develop a stronger top-down holistic view of risks affecting the enterprise. In most cases, the board is delegating oversight of management’s risk processes to the audit committee. Audit committees are now examining how they can expand their already full agendas to tackle these emerging expectations. A recent article published by the AICPA, Audit Committee Involvement in Risk Management Oversight, provides insight into the emerging role of ERM and issues facing audit committees.

Key points about the Audit Committee’s role in risk management oversight:

  • Reviewing Risk Identification Process: The audit committee should evaluate the methods used to identify key risks across the organization, ensuring a comprehensive approach is taken.
  • Risk Assessment and Reporting: The committee should review management’s assessment of significant risks, including the likelihood and potential impact of those risks, and ensure the board receives clear and timely information regarding these risks.
  • Scrutinizing the Risk Register: The audit committee should carefully examine the risk register, which documents identified risks, mitigation plans, and risk owners, to assess the effectiveness of risk management practices.
  • Internal Control Evaluation: As risk is closely linked to internal controls, the audit committee should review the effectiveness of internal controls in mitigating key risks.
  • Communication with Management: The committee should maintain open communication with management to discuss risk issues, potential concerns, and necessary actions to address risks.

Original Article Source: “Audit Committee Involvement in Risk Management Oversight” Mark S. Beasley, AICPA, Dec. 21, 2007. A few key insights for this post were generated by Google’s AI tool.