Document Type

Article

Publication Date

4-1-2006

Publication Source

Internal Auditor

Abstract

As the waves of change caused by the U.S. Sarbanes-Oxley Act of 2002 subside, the next force likely to sweep over organizations is the need to implement enterprise risk management (ERM). ERM has sparked a paradigm shift by encouraging organizations to build a comprehensive risk strategy into their business operations and spurring internal auditors to move from a primarily control-based approach to a predominantly risk-based approach.

One major area of enterprise risk that internal auditors must understand is how information technology (IT) affects their organization within the context of The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Enterprise Risk Management—Integrated Framework. IT is intertwined with all eight components of COSO's ERM framework—as both a source of risk and a risk management tool (see "ERM Automation" on page 47). Internal auditors also can add substantial value to the organization by providing advice on using IT to develop a sound ERM program. Auditors must first understand how technology impacts each component of the ERM framework.

Inclusive pages

45-50

ISBN/ISSN

0020-5745

Document Version

Postprint

Comments

The document available for download is the authors' accepted manuscript (postprint), provided in compliance with the publisher's policy on self-archiving. Permission documentation is on file.

Publisher

Institute of Internal Auditors

Volume

63

Issue

2


Included in

Accounting Commons
