Risk is embedded in business environment. A well established company must be aware and manage risks to be within company’s acceptable risk level to achieve the goals of sustainable growth and enhance value of the company. In the late of 2001, US had been shocked by some corporate scandals in USA, such as Enron, WorldCom, Adelphia, etc. As a response of corporate scandals, US released Sarbanas-Oxley Act (SOA) as a law in 2002 that has had a major impact on worldwide enterprises and particularly those with securities registered through the Securities and Exchange Commission (SEC). SOA established major new regulatory rules for public accounting firms, financial auditing standards, and corporate governance. Risk management as one of important elements from Good Corporate Governance (GCG) has evolved from risk management traditional to Enterprise Risk Management (ERM). ERM presents an enterprise-wide approach that eliminates traditional barriers between functions, departments, divisions within an organization. ERM facilitates detection of the major risks to the company and identification of improvement opportunities. ERM as a process needs internal audit function to give an assurance ERM process is implemented effectively.

Keywords : Enterprise Risk Management, Risk Management, Internal Audit, Good Corporate Governance