Uncertainty is inevitable, but effective enterprise risk management recognizes and acknowledges the threats associated with that uncertainty. The audit committee plays a crucial role in assessing and managing enterprise-wide risk of an organization by overseeing management’s focus on identifying, evaluating and responding to risks that face the entity. It requires the recognition of ever-changing uncertainty and the importance of deploying programs and tools to assess the risk and opportunities that such uncertainty creates.
Completion of an enterprise risk assessment enables management to determine whether or not the entity’s risk appetite and strategic objectives are aligned. More impactful are the monitoring activities, controls and indicators to mitigate and monitor unfavorable risks that management implements, beginning with an effective enterprise-wide risk assessment. But each organization is unique, so the risks faced and the associated impact will vary from company to company.
The Weaver Risk Insights document Managing Uncertainty discusses enterprise risk management further:
- Frameworks for assessing enterprise risk
- The audit committee’s oversight role in risk assessment
- The ongoing process of enterprise risk assessment