To read this content please select one of the options below:

Embedding risk management: structures and approaches

Ian Fraser (Department of Accounting and Finance, University of Stirling, Stirling, Scotland, UK)
William Henry (Division of Accounting and Finance, Glasgow Caledonian University, Glasgow, Scotland, UK)

Managerial Auditing Journal

ISSN: 0268-6902

Article publication date: 24 April 2007

9428

Abstract

Purpose

The paper aims to report research into ways by which companies identify risks and embed risk management and control procedures and also to report on interactions between internal audit and audit committees and their contributions to risk management.

Design/methodology/approach

The first section of the paper comprises a review of the literature on risk management and the roles played by internal audit and audit committees. The paper then reports the results of a series of interviews with officers in UK plcs and external auditors on the issues identified from the literature.

Findings

There was agreement that, while parent boards have ultimate responsibility, the ownership of risks must reside with management at lower levels. Companies tended to adopt a multi‐procedural approach to developing consistent risk management procedures. Internal auditors were believed to have a role to play but concerns were expressed about expertise and independence. The paper recommends a split of the internal audit and risk management functions to preserve internal audit independence and clarify internal audit roles. Audit committees are increasingly involved in risk management but there are doubts as to whether they have the time and expertise to undertake more than high level risk reviews. The paper, therefore, recommends that separate risk committees should be established to direct risk management, with audit committees adopting a watching brief over the process.

Originality/value

The Turnbull Report emerged against a background of growing demand for assurance on risk management and control effectiveness and the approach adopted has been endorsed by the Turnbull Review Group. This paper is a timely evaluation of the work being done by UK plcs in this area and indicates that there are issues to be resolved before risk management is fully embedded in company operations.

Keywords

Citation

Fraser, I. and Henry, W. (2007), "Embedding risk management: structures and approaches", Managerial Auditing Journal, Vol. 22 No. 4, pp. 392-409. https://doi.org/10.1108/02686900710741955

Publisher

:

Emerald Group Publishing Limited

Copyright © 2007, Emerald Group Publishing Limited

Related articles