Every organization faces various risks from external and internal sources that must be assessed. Companies are increasingly turning to the internal audit (IA) function to help ensure that the risk management process, control environment, corporate governance structure, and the effective performance of business processes and information technology systems are consistent with the expectations of management and the board. Many IA functions have balanced their scope and approach from the detection of business control/compliance breakdowns to proactively providing solutions for risk management and business control improvement.

This guide is designed to help auditors respond to organizational risks more timely and provide insights to management to help solve problems.