• Schools & departments

Internal Audit

• Internal Audit home
• What is Internal Audit?
• The audit process
• External clients
• Corporate governance
• Risk management
• Who we are
• Find us

• University Homepage
• Schools & departments
• Internal Audit
• Risk management

Risk management

Business management is about making things happen. Risk management is concerned with the things that might go wrong.

The good manager who works towards achieving business objectives also has a clear idea of how to prevent or otherwise react to the risks which threaten these objectives. With foresight, it is possible to deal with any risk.

Everyone who has responsibility for driving any part of the business also has some responsibility to think about and manage risks. To that extent, risk management at local level belongs to everyone.

We use controls to manage the risks and ensure the business is doing what we intended it to do. The Committee of Sponsoring Organisations of the Treadway Commission ( COSO) defines a control as "a process designed ... to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations".

Internal Audit can help managers to identify risks and establish effective controls. It is usual to document the risks and controls in a risk register. At University level there is formal oversight of top level risks, and the University offers guidance on risk management.

• University Risk Management Committee
• COSO (Committee of Sponsoring Organisations of the Treadway Commission)

This article was published on Aug 27, 2010

• Terms & conditions
• Privacy & cookies
• Website accessibility
• Freedom of Information Publication Scheme

Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh 2013.