A top-down approach toward risk assessment focuses attention on the most significant vulnerabilities and threats facing an organization. That assessment then illuminates vulnerable supporting activities. And examining those activities or processes enables management and the internal audit staff to determine whether or not existing controls sufficiently mitigate identified risks.
When risks are identified, there are a variety of steps management may take to mitigate them: hiring additional personnel, segregating conflicting duties, automating manual processes or requiring more frequent communication among supervisors or departments. All of these can be effective measures, depending on the situation at hand.
The Weaver Risk Insights document Process Level Risk Assessment elaborates on dealing with organizational risks at every level:
- Recognizing potential process level risk factors
- Internal control and compliance efforts
- Factors with impact
- Risk evaluation objectives
- Questions to address when examining process level risks
- Responsibility for and residual benefits of process level risk assessment
For a discussion specific to your organization, please contact Alyssa Martin or Jody Allred, partners in risk advisory services.
Several hundred million copies of Microsoft Excel are in use worldwide, and it’s easy to understand why spreadsheets enjoy immense popularity…