Page 211 - SBL Integrated Workbook STUDENT 2018

Managing, monitoring and mitigating risk





                           Risk monitoring





               4.1   Risk auditing

               •     Risk audit is a systematic way of understanding the risks that an organisation
                     faces.

               •     Unlike financial auditing, risk audit is not a mandatory requirement for all
                     organisations but, in some highly regulated industries, a form of ongoing risk
                     assessment and audit is compulsory in most governance jurisdictions.

               •     Some organisations employ internal specialists to carry out risk auditing; others
                     use external consultants to perform the work.


               4.2   Stages of a risk audit



               [Figure: Process for carrying out internal risk audit. Boxes in the diagram:]

               •     Identify risks and construct risk register
               •     Assess risk by applying the probability/impact assessment
               •     Review controls over risk which involves TARA
               •     Report on inadequately controlled risks












