A Practical Guide to Finding the Best Internal Audit Firm for Your UAE Business According to Protiviti’s Pulse of Internal Audit Survey Report UAE—2024, 92% of internal-audit teams in the UAE report that their function adds value through assurance and advisory work. This figure shows how the internal audit function has moved beyond compliance reviews […]
Introduction The Institute of Internal Auditors (IIA) published the Global Internal Audit Standards (GIAS) in January, 2024. The GIAS will become effective January 9, 2025. Domain III on Governing the Internal Audit Function includes Standard 6.2 Internal Audit Charter. From a governance perspective, this is the most important Standard as the Internal Audit Charter includes […]
Introduction The nature of risk management is perpetually evolving which is of course, natural, as practitioners seek to drive improvements through either rethinking existing practices or through innovation. One such area on which there is often no overall agreement, is that of risk aggregation. There are few studies on this issue and neither ISO nor […]
Introduction For banks or financial institutions, risk appetite is a particularly important component of an end-to end risk management framework. It needs to be supported by other risk management components, such as a comprehensive risk taxonomy, robust risk identification and assessment processes, data and analytics capabilities, and a risk aggregation and prioritization logic based on […]
KPIs, KRIs, KCIs… It’s easy to get tangled in the alphabet soup 🥣 of metrics. While each of these ‘K & Is’ plays a distinct role in your organisation’s success, they are all ultimately just indicators serving a different purpose. ⬇ Here’s the breakdown: 🔹 KPIs (Key Performance Indicators) – These metrics keep score of […]
Necessities for Effective Risk Management What is it? A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. (Source: IIA/IPPF) There may be different definitions, but I personally like this one as it includes all the key […]
What is it? Governance refers to the framework of rules, practices, processes, and structures by which an organisation is directed and controlled. It encompasses the mechanisms through which the objectives of the organisation are set, monitored, and achieved, while also ensuring accountability to stakeholders. Risk governance is a subset of overall governance that focuses specifically […]
In my previous article, I discussed assessing ERM maturity. Here I will run through the main points of implementing an ERM programme. It is worth noting that every organisation’s ERM implementation programme should be based on its own maturity, objectives, requirements and applicable regulatory standards. However, the points below should help to benchmark your approach. […]