THE VALUE OF ENTERPRISE RISK MANAGEMENT IN AUDITING

In general, any decision regarding the accomplishment of a new objective involves a risk in obtaining the desired results due to the constant changes in the business environment.

While risk evaluation is vital for strategic decision-making at the highest levels, it is even more important for an organisation’s long-term sustainability.

Risk management is the continuing process to identify, analyse, evaluate, and treat loss exposures and monitor risk control and financial resources to mitigate the adverse effects of loss.

Identifying and measuring audit risks during the strategic planning of the entity is strongly connected to establishing risk management of the entity. When the audited entity has an established risk management that is proven to be efficient, this will represent a starting point for the auditor in evaluating the risks connected to its engagement, meaning that the general audit risk will be lower, and the assurance level will be higher. This simply means efficient enterprise risk management increases level of trust in the internal audit department’s activity.

Many organisations are under pressure to identify and manage risks related to environmental, social, and governance (ESG) in a way that is both acceptable.

The internal audit relies on an efficient risk management function to provide its assurance and consultancy roles.

While liberalisation, globalisation and industrial revolution generate new business opportunities, financial and economic entities are exposed to more diverse and complex risks than before.

Risk identification, measurement and control have never been more important for organisational and strategic management than they are today.

Corporate governance’s involvement in risk management is essential.

Additionally, the use of integrated risk management procedures at the enterprise level has grown, allowing businesses to acknowledge the benefits of the risk management strategy.

The internal audit, in both their roles of providing assurance and consultancy, contributes to risk management in various ways, its importance being increasing due to the current financial crisis.

People carry on activities of managing risk in order to identify, evaluate, manage and control all types of events or situations that might affect the organisation.

These may vary from individual projects to defining the types of risk, for example, the market risk, to measure the threats and opportunities that organisation is faced with.

The key is for IAF to focus on all risk management processes at enterprise level, not just the risk management department, because Enterprise Risk Management (ERM) is the one able to improve the governing processes in the entire organisation.

The enterprise risk management (ERM) is a continuous and systematic process that enables the detection, assessment, decision-making, and reporting of opportunities and threats that impact the organisation's ability to achieve its objectives.

The Board of Directors has the general responsibility to make sure that risks are properly managed. But, in practice, the board delegates the risk management functioning frame to the management team. Within the team, a separate function may exist, that coordinates and manages these activities and contributes through their competencies and knowledge.

Despite its complexity, risk management is a managerial instrument which helps the organisation to hold the most proper control politics of the unfavourable results (Internal Audit Standard 1130).

Good corporate governance determines management to make the best decisions in risk conditions –meaning, well informed decisions are opposed to avoiding risk.

Some specialists consider that in the current climate an attitude of adversity against risk once with the increasing importance of conformity, determined by the reactions of the regulators around the world regarding the corporate crushes.

The goal of good risk management is to improve the organisation’s decisions. This does not only refer to avoid or to minimize losses, but also to treat the opportunities in a favourable manner.

One of the key requests of the board is to obtain the assurance that the risk management process is efficient, and key risks are managed at an acceptable level.

It is possible that assurance may come from different sources, but from all of them the assurance provided by management is the most fundamental. This aspect should be complemented by providing objective assurance for which internal audit is a key assurance provider. Other sources include external audit and specialised independent reviews.

The main role regarding ERM is to provide objective assurance to the Board regarding risk management efficiency. Research shows that Board directors and internal auditors agree upon the fact that two of the most important ways through which internal audit adds value to organisation consist in providing objective assurance that major business risks are managed in a proper way and providing assurance that risk management and internal control work efficiently.

The consulting role in which internal audit engages involve:

• Directing the process for introducing ERM in an organisation

• Providing advisory, facilitating workshops

• Preparing the organisation for their risk areas

• Supporting managers who seek to identify the most effective means of risk minimisation.

The workload of internal auditors will be significantly decreased if the organisation has a management risk department that operates effectively. If this function is absent, internal auditors have the responsibility of advising the first line of defence on risk identification, assessment, and determination of risk appetite.

Risk assessment plays a crucial role in the analysis of the audit process. Risk assessment is typically the auditor’s top priority. The risks that could arise not only when auditors take an engagement but also during the audit process could cause them to produce audit opinions that are not accurate reflections of reality. The auditors determine their processes based on the risk regions after assessing the risks.

Audit risk has to be very well evaluated, because not only a superficial audit, but also too detailed applied audit procedures can have negative effects on the audit process. The problem for the auditor is that, should he assume risks without knowing about them or fail to take them into account altogether, he may face harsh professional sanctions or have to pay substantial material damages if he is found to have acted negligently and in bad faith in carrying out his duties.

Audit risk has to be very well evaluated, because not only a superficial audit, but also too detailed applied audit procedures can have negative effects on the audit process.

All of this explain why auditors typically devote a significant portion of their engagement time on identifying the risks associated with carrying out their duties. Considering the significance of audit risk establishment, the audit standards provide relatively little guidance on how to establish this risk technically. Everything in the market operates according to the domino principle: as loan costs rise, some firms will

fold but others will strengthen their position; unfavourable instances will incite conflict and cause potential investors to relocate to other regions.

The entities which display professionalism in serving their clients, provide added value service and constantly increase reserve funds, will thrive in this recession. Risk management represents the art ok making decisions in a world governed by uncertainties.

The costs of implementing a risk management within a company depend on the methods of risk reporting and consequence management.

It can be concluded that change comes with insecurity, and insecurity means risk. The future belongs to the businesses based on an efficient risk management.

The outcome is worth the effort, because efficient risk administration brings important benefits for the company through increasing the shareholders’ trust and increasing the productivity of employees. Giving assurance to the Board of Directors and executive management regarding the effectiveness of risk management should be the fundamental role that internal audit plays in relation to risk management.

There is a symbiotic relationship between the risk level and assurance level measured by the external auditor. Therefore, a risk management function that has proved to be efficient leads the external auditor to establish a lower level for the general audit risk.