Earlier this year, IIA Norway shared Good Practice Guidelines for the Enterprise Risk Management Function. It’s an update of their 2020 document.
They explain:
The target group for these guidelines is organisations that would like to either establish an Enterprise Risk Management function or develop their existing risk management function further. The principles in this guidance may also be useful for organisations without a discrete Enterprise Risk Management function, but where responsibility for Enterprise Risk Management is assigned to another function with enterprise-wide responsibility.
The main motivation for internal auditors’ involvement in defining what is good practice for Risk Management is that Enterprise Risk Management has developed over the last 15 to 20 years to become a vital element in good corporate governance. Unlike the profession of internal auditing which has had a unifying global body defining principles and standards the Institute of Internal Auditors (founded in 1941) there is currently no equivalent worldwide body representing the profession of Enterprise Risk Management.
In the Nordic and Baltic countries the profession is characterised by a number of formal and informal associations, some of which are members of a European representative body FERMA. The primary aim therefore…
