Internal Audit & Enterprise Risk Management

  • Internal Audit (IA) performs an annual risk assessment to develop an audit plan
  • Enterprise Risk Management (ERM) facilitates ongoing risk identification and analysis
  • Sharing of information and coordination of risk activities between IA and ERM
    • Chief Audit Executive serves as a member of ERM Advisory Group
    • Chief Audit Executive, Chief Compliance Officer, and Chief Risk Officer meet regularly to discuss issues
    • ERM informs IA of plan and activities
    • IA provides inputs to ERM process
    • IA provides validation and assurance of risk mitigation activities.