Chapter 11

               Risk monitoring

               4.1 Risk auditing

                    risk audit is a systematic way of understanding the risks that an organisation faces

                    risk audit is not a mandatory requirement for all organisations

                    in some highly regulated industries, a form of ongoing risk assessment and audit is compulsory in most governance jurisdictions

               NB: Some organisations employ internal specialists to carry out risk auditing; others
               utilise external consultants to perform the work.


               4.2  Stages of a risk audit


               Process for carrying out internal risk audit:

                    Identify risks and construct risk register

                    Assess risk by applying the probability/impact assessment

                    Review controls over risk which involves TARA

                    Report on inadequately controlled risks