Engagement Memo—Audit of Enterprise Risk Management Process
We are initiating an audit of the company’s Enterprise Risk Management (ERM) process used to identify, evaluate, and manage risks to the company’s business processes. Our objectives are to assess (1) the extent to which the company has implemented an enterprise‐wide ERM process and (2) how the company is using ERM to strategically manage risk across the organization. We may expand our scope or modify our objective during the course of the audit.
During the audit, we plan to interview company officials involved in the ERM program, as well as analyze documents and data related to the design, implementation and management of the program. Our request for documents will be made as our work progresses. We also will work to minimize the impact of the audit by coordinating interviews and observations with staff in advance.