ABSTRACT
Risks are events that can affect the organization's ability to achieve its objectives. Some events are negative, others represent opportunities. While regulatory risks are always front-of-mind for internal auditors, it is also important to consider the cost of compliance failures. Fines, penalties, and the loss of operating licenses remain key concerns, but increasingly organizations are subject to lawsuits that can result in large financial impacts and reputational damage. Some of the risks of concern in digital economy include: Privacy and data protection, cloud computing, service provider risks, social media, supply chain, knowledge, competition, governance and process. When the organization's risk assessment includes an international dimension, a unique range of new considerations are needed as new risks are created or existing ones are amplified. Internal auditors should audit the risk management process, its objectives, and practices. Internal auditors should help the organization identify, assess, and manage strategic, operational, reporting, compliance, Information Technology (IT), fraud, and other risks to the organization.
