Practical articles on risk frameworks, audit methodology, and how to get the most out of your risk assessment practice.
A step-by-step walkthrough for building your first risk matrix — choosing the right size, scoring method, and likelihood and impact scales for your organisation.
A plain-English breakdown of the ISO 31000:2018 standard — its principles, framework, and process — written for internal auditors who need to apply it, not just cite it.
The COSO ERM framework's 20 principles across five components, condensed into a practical implementation checklist for risk and compliance teams.
Most risk matrices track inherent risk — but it's residual risk that determines whether your controls are working. Here's how to calculate, present, and act on it.
Internal audit risk matrices serve a different purpose to enterprise risk registers. Here's how to build one that supports your annual plan and gives your CAE a defensible audit universe.