The Risks of Combining ERM and Audit Committees

It may be tempting to combine the board's enterprise risk management (ERM) committee with the audit committee, as to do so cuts down on number of committees and the amount of time looking at risk. However, in the 'Three Lines of Defense' philosophy supported by the financial services industry, the roles and responsibilities of ERM versus audit are quite different. Plus, audit should independently review ERM; reporting the results to the same committee that provides ERM oversight would appear to impact some level of independence. In this condensed discussion, the risk of combining ERM and audit committees is reviewed and facts shared.

Covered Topics:

  • ERM and Its Focus
  • Audit Committees and Their Focus
  • Critical Division of Risk Defense
  • The 3 Lines of Defense
  • Key Considerations