IIA-MCP Server

--- title: "Standard 2120 - Risk Management" url: "https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/" category: "standards" standard_number: "2120" last_updated: "2024-07-15T12:00:00Z" scraped_at: "2024-07-15T12:00:00Z" --- # Standard 2120 - Risk Management ## Description The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. ## Implementation Notes Determining whether risk management processes are effective is a judgment resulting from the internal auditor's assessment that: - Organizational objectives support and align with the organization's mission and strategic plan - Significant risks are identified and assessed on a timely basis - Appropriate risk responses are selected that align risks with the organization's risk appetite - Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities The internal audit activity may gather the information to support this assessment during multiple engagements. The results of these engagements, when viewed together, provide an understanding of the organization's risk management processes and their effectiveness. Risk management processes should be monitored through ongoing management activities, separate evaluations, or both. ## Key Elements to Evaluate - Risk identification processes - Risk assessment methodologies - Risk appetite and tolerance levels - Risk response strategies - Risk monitoring and reporting - Integration with strategic planning ## Related Standards - Standard 2100 - Nature of Work - Standard 2110 - Governance - Standard 2130 - Control ## Official Reference For the complete text and detailed implementation guidance, refer to the [IIA Global Internal Audit Standards](https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/).