Increasing quality and confidence in the IT internal audit risk assessment
Ernst & Young’s recent thought leadership and research publication Turning risks into
results: how leading companies use risk management to fuel better performance
indicates that organizations achieve results from risk in three interrelated ways:
1. Some companies focus on mitigating overall enterprise risk
2. Others focus on efficiency, reducing the overall cost of controls
3. Still others look to create value, often through a combination of risk mitigation
and cost reduction
Increasing your level of confidence in the risk assessment process is one of the most fundamental
ways to focus on mitigating overall enterprise risk, determining appropriate levels of effort and
resources and identifying where to add value. In a worst-case scenario, an organization’s risks can
proliferate at a far faster rate than its ability to provide coverage. Organizations need to have the
ability to identify and address key risk areas and the agility to quickly close the gaps through:
• Identifying and understanding the “risks that matter”
• Differentially investing in the risks that are “mission critical” to the organization
• Effectively assessing risks across the business and driving accountability and ownership
• Demonstrating the effectiveness of risk management to investors, analysts and regulators