Embed Size (px)
Citation preview
IDENTIFYING RISKS AND IDENTIFYING RISKS AND CONTROLS IN BUSINESS CONTROLS IN BUSINESS
PROCESSPROCESS
Objectives of Internal Objectives of Internal Control (Control (SAS No. 94)SAS No. 94)
Objectives of Internal Objectives of Internal Control (Control (SAS No. 94)SAS No. 94)
1. Reliability of financial reporting2. Effectiveness and efficiency of
operations3. Compliance with applicable laws and
regulations
A process … designed to provide reasonable assurance regarding the objectives :
1. Control environment2. Risk assessment3. Control activities4. Information and communication 5. Monitoring
Elements of Internal ControlElements of Internal Control
1. Control environment2. Risk assessment3. Control activities4. Information and communication
5. Monitoring
Elements of Internal ControlElements of Internal Control
Integrity, ethical values, Management philosophy and
operating style, and organizational structure influences the control
environment.
Integrity, ethical values, Management philosophy and
operating style, and organizational structure influences the control
environment.
1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring
Elements of Internal ControlElements of Internal ControlElements of Internal ControlElements of Internal Control
Once risks are identified, they can be analyzed to estimate their significance, to assess their likelihood of occurring, and to determine actions that will minimize them.
Once risks are identified, they can be analyzed to estimate their significance, to assess their likelihood of occurring, and to determine actions that will minimize them.
1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring
Elements of Internal ControlElements of Internal ControlElements of Internal ControlElements of Internal Control
Control ActivitiesControl ActivitiesControl ActivitiesControl Activities
Performance reviews Segregation of duties Application controls General controls
1. Control environment2. Risk assessment3. Control procedures4. Information and communication5. Monitoring
Elements of Internal ControlElements of Internal ControlElements of Internal ControlElements of Internal Control
The company’s information system is a collection of procedures (automated and manual and records established to
initiate, record, process, and report the events in an entity’s process
Communication involves providing an understanding of individual roles
and responsibilities
The company’s information system is a collection of procedures (automated and manual and records established to
initiate, record, process, and report the events in an entity’s process
Communication involves providing an understanding of individual roles
and responsibilities
1. Control environment2. Risk assessment3. Control procedures4. Information and communication5. Monitoring
Elements of Internal ControlElements of Internal ControlElements of Internal ControlElements of Internal Control
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
1. Execution
2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Proper execution of transactions in the revenue and acquisition cycles
1. Execution
2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Proper execution of transactions in the revenue and acquisition cycles
Risk of not achieving execution objectives
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
1. Execution2. Information System
3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Proper recording, updating, and reporting of data in an information system
1. Execution2. Information System
3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Proper recording, updating, and reporting of data in an information system
Risk of not achieving information system objectives
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
1. Execution2. Information System3. Asset protection
4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Safeguarding of assets
1. Execution2. Information System3. Asset protection
4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Safeguarding of assets
Risk of loss or theft of assets
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Favorable performance of an organization,Person, department, product, or service
1. Execution2. Information System3. Asset protection4. Performance
Objectives and RiskObjectives and RiskObjectives and RiskObjectives and Risk
Favorable performance of an organization,Person, department, product, or service
Risk of not achieving performance objectives
