Fraser and Henry (2007) undertook a series of interviews with the finance director,
the AC chair, and, where applicable, the head of internal audit and the director of risk
management in five large UK organizations, as well as an audit partner from each of
the Big-4 audit firms. They found that internal audit tends to play a major role in ERM,
particularly in the embedding of risk. More interestingly, they also found evidence of
internal auditors having responsibility for ERM practices, despite the COSO and IIA
position paper stating that responsibility must rest with management. For example,
in one organization the internal auditor had been responsible for setting up the system,
while in another there were concerns that an internal audit function that was composed
predominantly of accountants and at the same time heavily involved in risk
management may not identify certain risks.
Fraser and Henry (2007) undertook a series of interviews with the finance director,
the AC chair, and, where applicable, the head of internal audit and the director of risk
management in five large UK organizations, as well as an audit partner from each of
the Big-4 audit firms. They found that internal audit tends to play a major role in ERM,
particularly in the embedding of risk. More interestingly, they also found evidence of
internal auditors having responsibility for ERM practices, despite the COSO and IIA
position paper stating that responsibility must rest with management. For example,
in one organization the internal auditor had been responsible for setting up the system,
while in another there were concerns that an internal audit function that was composed
predominantly of accountants and at the same time heavily involved in risk
management may not identify certain risks.
การแปล กรุณารอสักครู่..