How do I Implement ERM?

Derek Yankoff, Chief Strategy Officer

What does ERM do, actually? Defines and assigns Risk Values (i.e., Inherent Risk, Threats, Vulnerabilities, Annual Rates of Occurrence, Annual Loss Expectancy, Risk Appetite, Risk Tolerance, and Audit Frequency) for every Subject to be assessed. Provides ‘use cases’ that give context to the Subjects to be assessed by risk owners […]

Don’t Confuse a Control Risk Assessment with an Enterprise Risk Assessment

Derek Yankoff, Chief Strategy Officer

In managing the internal audit function, the institution’s Audit Committee is responsible for commissioning a Control (or “Auditor’s”) Risk Assessment, developing audit plans, and overseeing the execution of the audit program. A Control Risk Assessment documents the internal auditor’s or outsourced audit service provider’s understanding of the institution’s significant […]