The importance to strong corporate governance of managing risk has been increasingly acknowledged. Organizations are under pressure to identify all the business risks they face; social, ethical and environmental as well as financial and operational, and to explain how they manage them to an acceptable level. Meanwhile, the use of enterprise-wide risk management frameworks has expanded, as organizations recognize their advantages over less coordinated approaches to risk management. Internal auditing, in both its assurance and its consulting roles, contributes to the management of risk in a variety of ways.