We are responsible for promoting government-wide risk management and providing public sector management with consulting services in development and implementation of Institutional Risk Management Policy Frameworks (IRMPF) to improve the overall government operations.

According to Regulation 165 of the Public Finance Management (National Government) Regulations 2015, The Accounting Officer is required to ensure that the national government entity develops:

• Risk management strategies, which include fraud prevention mechanism; and
• A system of risk management and internal control that builds robust business operations

Regulation 164 (d) of the Public Finance Management (National Government) Regulations 2015, further provides that The Internal Auditor-General, in leading the internal audit function within the National Treasury, is responsible for policy formulation and strategic direction of internal audit function within the national government entities including promoting national government-wide risk management and provide the management with consulting services to improve the overall national government operations.

Development of a Risk Management Policy (RMP) is a prerequisite to effective risk management in any institution, including public sector institutions. The Policy describes the public sector institution’s strategy for identifying and measuring its internal and external risks, and the supporting policies, procedures and controls to mitigate the risks, and assignment of responsibility for implementing and testing the effectiveness of the policies, procedures and controls.

The role of internal audit is to provide independent & objective assurance to the accounting officers, CEOs state corporations on the effectiveness of the risk management framework put in place by management and recommending appropriate risk mitigation measures.

Internal auditors playing the role of internal consultants assist the ministries and other state agencies to identify and evaluate risks that impact on the operations and then assist in identifying the most appropriate strategies, policies, procedures and controls to manage risks to a level acceptable to management.

Internal audit units in public institutions ensure that;

• The organization’s risk management processes address the objectives which generally gauge the adequacy and effectiveness of the risk management process,
• Risks relating to the organization are categorized into strategic, operational, compliance, environmental, political, financial and are then prioritized,
• Risk mitigation measures are developed and implemented to reduce or otherwise manage risks that are determined to be acceptable to the organization,
• Monitoring activities are conducted periodically to re-assess risk and the effectiveness of controls to manage risks,
• Management is provided with periodic reports on the effectiveness of the risk management process.