3 Risk-based assurance
The term ‘assurance’ refers to checking and testing, that the oversight that should be happening is happening. People who conduct assurance can often go under the generic title of ‘auditors’. Auditors generally look for evidence that such activities are taking place.
Best practice is to have assurance activities focused on your risks – but what does this mean in practice? In the following sections you will look at how the facets of the control framework should be audited. This audit has certainly got to extend to reviewing the potential impact of behavioural weaknesses amongst employees and ensuring that these do not impair effective risk management.
You can recap the purpose of actions and controls in Session 5, Video 1.
OpenLearn - Risk management
Except for third party materials and otherwise, this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence, full copyright detail can be found in the acknowledgements section. Please see full copyright statement for details.