ABSTRACT
The internal audit function is an organizational unit within the company responsible for protecting and enhancing value. Governance, Risk, and Compliance, a holistic approach to entity risk management, integrates the internal audit with all related capabilities throughout the organization to manage uncertainty, reduce risk, and leverage opportunities. The board and management have more flexibility in shaping what the internal auditors would do, while the external auditor has a well-defined regulatory role as an independent provider of assurance on financial accounting and reporting. An internal auditor with tenure with the company builds considerable depth in the business processes of the company. An effective enterprise risk management must consider change, both internal and external, to the entity. Depending on the company size, the internal audit resources may or may not be able to afford all of the competencies essential for the entity’s risk management.
