Assessing Risks an的d Internal Controls.ppt

;Your Role as Process Owner;For all businesses there are risks that exist and that need to be identified and addressed in order to prevent or minimize losses. ? Risk is the threat that an event, action, or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. Risk is measured in terms of consequences and likelihood. ? The following process is used for assessing risks: identifying risks, sourcing risks and measuring risks. Overall, you should focus on the high risks affecting your operations. ;Considerations Evaluate the nature and types of errors and omissions that could occur, i.e., “what can go wrong” Consider significant risks (errors and omissions) that are common in the industry or have been experienced in prior years Information Technology risks (i.e. - access, backups, security, data integrity) Volume, size, complexity and homogeneity of the individual transactions processed through a given account or group of accounts (revenue, receivables) Susceptibility to error or omission as well as manipulation or loss Robustness versus subjectiveness of the processes for determining significant estimates Extent of change in the business and its expected effect Other risks extending beyond potential material errors or omissions in the financial statements;For all significant processes identify points within the flow of transactions or process stream where there can be failures to achieve the following assertions:;Presentation, Classification and Disclosure ;What are Internal Controls?;Internal Control Myths and Facts;Internal Control Structure;Control definition reflects certain fundamental concepts: Internal control is a process. Its a means to an end, not an end in itself. Internal control is effected by people. Its not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute