Internal Control and Risk Management PDF
Document Details
Uploaded by FastestPortland
Far Eastern University
Tags
Summary
This document provides an overview of internal control and risk management. It defines key terms like risk, risk assessment, and risk responses. It also explores different types of operational risks.
Full Transcript
Internal Control and Risk Management COSO was established initially to sponsor research into the causes of fraudulent financial reporting. Limitations of Internal Control 1. Collusion 2. Management Override 3. Cost-benefit 4. Human error – mistake, lapse in judgme...
Internal Control and Risk Management COSO was established initially to sponsor research into the causes of fraudulent financial reporting. Limitations of Internal Control 1. Collusion 2. Management Override 3. Cost-benefit 4. Human error – mistake, lapse in judgment, carelessness, distraction, fatigue Definition Risk - It is the possibility of an event occurring that will have an impact on the achievement of objectives. It is measured in terms of impact and likelihood. (IIA Glossary) Definition Risk Management A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives (IIA Glossary) Definition Risk Assessment A process of identifying, measuring, and analyzing risks relevant to a program or process. This process is systematic, iterative, and subject to both quantitative and qualitative input and factors. It is also dependent on the timeframe of the review. Risk Assessment 1. Identification of Risks A key aspect of any risk assessment. a. This takes the form of a list of risks. b. This may also come from a prepared list. Risk Assessment 1. Identification of Risks Purpose: To find, recognize and describe risks that might help or prevent an organization achieve its objectives. Operational Risk Types ACCOUNTABLE TO REPORT TO/ ACCOUNTABLE TO APPOINT & MONITOR Manages Operates Monitor PROVIDE REASONABLE ASSURANCE Operational Risk Types ACCOUNTABLE TO REPORT TO/ ACCOUNTABLE TO APPOINT & MONITOR Manages Operates Monitor PROVIDE REASONABLE ASSURANCE Operational Risk Types ACCOUNTABLE TO REPORT TO/ ACCOUNTABLE TO APPOINT & MONITOR Manages Operates Monitor PROVIDE REASONABLE ASSURANCE Operational Risk Types ACCOUNTABLE TO REPORT TO/ ACCOUNTABLE TO APPOINT & MONITOR Manages Operates Monitor PROVIDE REASONABLE ASSURANCE Internal and External Constraints in Organization 1. Equipment – types and manner of usage 2. People – lack of skilled and motivated workers 3. Policies – written and unwritten policies Risk Assessment 2. Measurement of Risks a. Estimate significance or impact. b. Assess likelihood of occurrence. Involves an exercise of judgment. ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► ► Risk Assessment 2.1 Risk Portfolio A list or inventory of risks. Risk Assessment 2.1 The Risk Matrix A widely used and highly effective tool to record and analyze the objectives, risks and controls in the program or process that is being audited. An essential ingredient when conducting risk- based audits. Layout varies by organization. Risk Management Evaluation of Risks Determine where additional action is required and can lead to a decision to: a. Do nothing further; b. Consider risk treatment options; c. Undertake further analysis to better understand the risk; d. Maintain existing controls; and e. Reconsider objectives. Risk Management Risk Responses - Risk treatment, to select and implement options for addressing risk: a. Formulate and select risk treatment options; b. Plan and implement risk treatment; c. Assess effectiveness of that risk treatment; d. Decide whether the remaining risk is acceptable; e. If not acceptable, take further treatment.
