
Audit of Enterprise Risk Management

ERM Audit Highlights

Highlights from the Audit of Enterprise Risk Management (ERM)


Why we did this audit

ERM is a critical tool that establishes enterprise-wide processes and practices to assess, manage and report on risks to the successful achievement of organizational objectives, in order to support management decision making.


What we found

We found that the City has an ERM program in place supported by an ERM Policy and Framework. There are sound and robust processes in place and functioning which support the identification and management of the most significant risks to the organization.

Notwithstanding, the audit noted a number of opportunities to improve and strengthen current risk management practices across the City to mature the overall program.


We made seven recommendations to ensure that:

  • the ERM Policy and Framework clearly describe the roles and responsibilities for all stakeholders involved in the risk management processes;
  • the City’s risk tolerance levels are clearly defined, understood and communicated;
  • Council receives sufficient corporate risk information to support their decision making;
  • ERM training needs are addressed for both staff and Council members;
  • oversight is strengthened to ensure consistent risk management processes across City departments; and
  • fraud risks are strongly integrated within the ERM framework.
