Risk Assessment and Control Verification
In the previous chapters, we have discussed the governance program at InFission.
We have provided information about the governance approach, processes, and
systems that the board of directors and management can use to set strategy and
establish governance guidelines. Once management, with the approval of the
board of directors, has established the strategic objective and corporate governance
policies, the Chief Audit Executive prepares the annual internal audit risk
assessment plan to assure that the enterprise can meet its strategic objectives. Control
verification activities follow risk assessment to obtain management verification of
internal controls design and operating effectiveness. Risk Assessment and Control
Verification enable organizations to maintain good governance, monitor operational
effectiveness, and comply with applicable laws and regulations.
Risk assessment is typically conducted based on a framework that applies at all
levels—enterprise, function, and business unit—of the organization. In recent years,
many well-managed organizations have adopted an Enterprise Risk Management
(ERM) framework. Risk assessment is a key component of this framework, and it
can provide a more holistic risk management approach that is closely aligned with
management's view of the organization. Many organizations use a qualitative approach
by periodically asking managers to rate risks based on likelihood of occurrence
and impact on the business. Some organizations with a mature risk management
program also implement a more rigorous quantitative assessment program using
probabilistic and non-probabilistic models by monitoring internal risk incidents,
such as transaction errors, and external risk incidents, such as loss events among their
industry peers.