The concept of an organization’s risk appetite is a fundamental element to healthy governance. Yet it is typically focused primarily on financial risk considerations. How should the growing focus on non-financial risk, including ESG, influence how organizations view their risk appetite, and what can internal audit do to support that examination?
This Global Knowledge Brief, the first in a three-part series on governance, risk, and control (GRC) from The IIA, examines in detail this topic, the challenges of rethinking risk appetite with non-financial risk in mind, and the important role of internal audit in the process.
GRC Part 2: Quantifying Non-financial Risk
GRC Part 3: How Digital Transformation is Transforming GRC