Auditing Conduct Risk

The issue of conduct is not easily separated from an organization’s culture; rather, it is a distinct segment of culture as a whole.

Internal auditors can add value by assessing and reporting on their organization’s conduct risk management. The internal audit activity can help drive strong internal control risk management frameworks (including conduct risk) that align with stakeholder expectations, supporting boards, audit committees, and executive management in their oversight roles.

This guidance will enable internal auditors to understand:

• The business significance of conduct risk in an organization’s control environment.
• The key components of conduct risk.
• Key stakeholder (including regulator) concerns and expectations related to conduct risk.
• Internal audit’s role in assessing and reporting on organizational culture and management of conduct risk.
• An approach to assess and report on an organization’s culture and management of conduct risk.