Enterprise risk management is that encompass a range of risk control activities by identify, assess, manage & control risks

Enterprise risk management is an independent and objective assurance activity designed to add value and improve an organisation's operations.

Enterprise risk management provides value to governing bodies and senior management as an objective source of independent advice.

ERM identify & evaluate significant risk exposures & contribute - the improvement of risk management & control systems.

dependent and objective assurance activity designed to add value and improve an organisation's operations.

control activities by identify, assess, manage & control risks.

independent and objective assurance activity designed to add value and improve an organisation's operations.

examine the reliability and integrity of financial and operational information.

Providing additional assurance regarding fair presentation for financial statements

Expressing an opinion on the adequate design and functioning of the system of internal control

Adding value to the organisation

Assuring the absence of any fraud that would materially affect the financial statements

Respect and contribute to the objectives of the organization even if it is engaged in illegal activities

Primarily apply the competency principle in establishing trust

Go beyond the limitation of personal technical skills to advance the interest of the organization

Use individual judgment in the application of the principles set forth in the Code

To support and protect organization value by accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes

To provide an independence, objective assurance and consulting activity designed to add value and improve customer operations

To enhance and protect organizational value by providing risk-based and objective assurance, advise and insight

To enhance and provide an independence value by providing risk-based and objective assurance, consulting activity and insight

Better oversight of risks programs and potential threats

Allowing employees to prioritise risk mitigation actions

Disabling consistent and full reporting of risks

Discontinuous improvement of risk management programs

not all organizations have internal audit departments

controls are designed to prevent and detect only material misstatements

internal controls prevent separation of duties

their effectiveness is limited by the competency and dependability of employees