Risk Management



    Christine Doxey
    Mitigating Risk with Internal Controls
    Topic posted October 20, 2018 by Christine Doxey, last edited November 9, 2018, tagged Advanced Controls, Financial Transactions, GRC, Risk Management, Sarbanes Oxley, SOX
    This blog takes a look at mitigating risk with internal controls and provides an informational primer on implementation approaches.

    Risk is exposure to a potential loss as a consequence of uncertainty. There are global risks and risks in every phase and stage of a business process, with certain risks of greater importance during each stage. Understanding the types of risk faced within each process sets the foundation for the development of risk-based controls.

    All companies, regardless of size, structure, nature, or industry, encounter risks at all levels within their organization. Risks affect each company’s ability to survive, successfully compete within its industry, maintain financial strength and a positive public image, and maintain the overall quality of its products, services, and people. Since there is no practical way to reduce risk to zero, management should determine how much risk should be prudently accepted, and strive to maintain risk within acceptable levels by considering the implementation of risk-based controls. Refer to the attachment, “Ten Tips for Implementing Risk-Based Controls,” to get more information on the implementation process.

    As additional information, here are five questions to ask when developing a series of risk-based controls, along with the five key metrics to consider when measuring results.

    Five Questions to Ask

    1. Does the control consider a failure that may rise to the level of a material weakness?
    2. Can the control be relied upon to either prevent or detect (in a timely manner) a material misstatement of the filed financial statements?
    3. Has the control been updated recently to reflect the current business process?
    4. Has your organization considered remediation actions resulting from fraudulent activity, findings from external and internal audits, and other control self-assessment processes?
    5. Is the control a key component of your continuous controls monitoring (CCM) initiative?

    Five Metrics to Consider

    1. Number of control issues per period
    2. Number of process improvements identified per period
    3. Estimate of total value of control issues identified per period
    4. Average cost per person spent addressing control issues per period
    5. % of transactions tested per period