During the enterprise risk management (ERM) process, internal audit is responsible for defining ERM for the company; helping the audit committee ensure that responsibilities are met; helping management respond to audit committee or board inquiries; implementing ERM; identifying risk management improvement opportunities; providing assurance over the ERM process; owning, managing and driving ERM; facilitating defining concerns and objectives of various stakeholders; and taking stock of what exists and how it contributes to ERM.

In this tool, we’ve compiled a guide that outlines internal audit’s role and the keys to success related to an organization’s ERM process.