Is Your Company
Managing Its Risk?

Every public organization, regardless of size, should have some type
of internal auditing process to help it manage enterprise-wide risk.
Corporate fraud cannot be taken lightly. Management, boards of directors and
audit committees should consider the questions presented below and
quickly take steps to convert any “no” answer to a “yes.”

• Is there a process or function within the organization responsible for assessing and monitoring risk?
  
• Do I have assurance that controls are operating as planned?
  
• Is there a thorough and appropriate reporting mechanism within the organization that allows for an adequate checks-and-balances system for fraud prevention and risk management?
  
• Do I have assurance that financial and other information is reported correctly?
  
• Are risk management, control and governance processes being evaluated and reviewed for efficiency and effectiveness on an ongoing basis?
  
• Do I have a clear understanding of enterprise-wide risk and the organization’s key areas of vulnerability?
  
• Does the organization have an operational system for managing risk?
  
• Is there an internal process within the organization for adding value to and improving operations?
  
• Are the organization’s stakeholders provided with reliable assurances that their investment is protected?
  
•  If  I were not a part of management or the board, would I be comfortable with the assurances provided to me as a stakeholder?
  
•  Am I able to sleep at night without worrying about risk in the organization?
  
•  Am I comfortable that all risks have been appropriately addressed?

Source: The Institute of Internal Auditors. Altamonte Springs, Florida. The Web site is www.itaudit.org.