The Institute of Internal Auditors (IIA), effective January 2013, has revised its International Professional Practices Framework (IPPF) to assess the effectiveness of enterprise-wide risk management programs.
These mandated changes require auditors to validate the most timely and most significant risks, especially those that impact the achieving of the organization’s strategic objectives. Auditors need a method to assess the adequacy of the risk management program at their organizations.
The IIA recommends the Risk Maturity Model, in conjunction with this Internal Auditors Guide, as tools to help understand what ERM effectiveness means, and how to determine if ERM maturity is being measured effectively and accurately.
This Risk Maturity Model PDF guide includes:
- Overview of the Risk Maturity Model
- Detailed Best Practice Guidelines
- Checklist for Audit to validate RMM Guidelines
- Recommendations for improvement