Organisations are exposed to various forms of risks. Business risk is the threat that the objectives of an organisation will not be achieved. Management is responsible to address the risks facing the organisation. Management should identify the risks that threaten the organisation and ensure that the total level of risk is reduced. Management makes use of the internal audit function to assist them in the risk management process. The methods used to identify and evaluate risks will differ. One method frequently used, is control selfassessment.
This is an approach used to actively take responsibility and ownership for developing, assessing, maintaining and monitoring controls to address business risk. This article will show that it is the responsibility of the management of an organisation to control and manage risks and that the internal audit function can assist management with this process through the use of control selfassessment. The process, various methods and tools used for control selfassessment, will also be discussed.