Our Enterprise Risk Management (ERM) service addresses more than just internal controls. Our ERM team will help you achieve business objectives more efficiently, maximize financial performance, optimize resources, and promote Company-wide strategy alignment. To do this, our team will evaluate how effectively customers are executing the following risk management best practices:
The primary objective of the risk assessment process is to identify, evaluate, and classify risks. To accomplish this objective, Elliott Davis and the customer will examine inherent risk, control effectiveness, and residual risk for each audit area (i.e., process or department).
A key component of the Elliott Davis risk assessment approach is the individual attention paid to each key stakeholder, from management to field-level employees. In order to obtain the best information, we conduct one-on-one interviews with a wide range of stakeholders to encourage full transparency from all team members.
Key steps in the risk assessment process include:
- Identifying and classifying inherent risks and the evaluating the sufficiency of the District’s enterprise risk management mechanisms
- Performing high-level analysis of the current state of internal controls, including any potential design, documentation, and/or implementation gaps
- Determining the residual risk ratings based on what remains after considering the inherent risks (i.e., type of risk and likelihood of occurrence) and the potential impact to the Company if these risks materialize, after considering the mitigating internal controls (i.e., control effectiveness)
- Based on the residual risk ratings and recommended audit frequency, the internal audit plan is developed for the subsequent three-to five-year period, prioritizing the highest risk areas
