Scribd Logo
Upload

Welcome to Scribd!

  • A. Risk Information, Communication, and Reporting

    Uploaded by

    caryl remilla
    12 views3 pages
    Thesis

    Original Title

    Additions to Appendix C

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Thesis

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views3 pages

    A. Risk Information, Communication, and Reporting

    Uploaded by

    caryl remilla
    Thesis

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    A.

    Risk Information, Communication, and Reporting


    Statement 5 4 3 2 1
    The organization is often able to capture information- and
    communication-related risks.
    We are often able to communicate within the organization without
    any communication barriers.
    We are often able to communicate outside the organization without
    any communication barriers.
    Management obtains, generates and makes use of relevant, timely
    and quality information to support the other internal control
    components.
    Management makes use of the following data sources and information types:
    o Internal sources (internally-generated or prepared reports)
    o External sources
    o Financial or Quantitative information
    o Non-financial or Qualitative information
    The company incorporates electronic or technological means in capturing, storing and
    generating financial and non-financial information. Choose one:
    YES ____ NO _____
    The information generated by the company's current information system has:
    o Appropriate content: It is at the right level of detail.
    o Timely information: It is available whenever needed.
    o Current information: It is the latest one available.
    o Accurate information: It has correct data.
    o Accessible information: It is easy to obtain by those who
    need it.
    There is proper internal communication of the company information, objectives and
    responsibilities as to the following levels:
    o Top Level (Top management, board of directors, etc.)
    o Middle Level (Department managers, Supervisors, etc.)
    o Lower Level (Workers, etc.)
    The following are company modes to disseminate critical information throughout the
    organization whenever needed.
    o Comprehensive code of conduct
    o Policy Manuals
    o Memoranda
    o E-mails
    o Bulletin board notices

    1
    o Webcasts
    o Videotaped messages
    o Organization-wide meetings
    o Departmental/Divisional meetings
    o One-on-one sessions
    There is an established communication between management and the
    board of directors so that both have information needed to carry out
    their respective roles in the achievement of organizational objectives.
    The following are included in a communication process reinforcing to all employees, down to
    the front-line, their responsibilities and roles on internal control and risk management:
    o Organization-wide meetings
    o Departmental/Divisional meetings
    o One-on-one sessions
    o Regular employee evaluation
    o Employee orientation and trainings sessions
    o Ongoing corporate communications and feedback
    mechanisms
    o Remedial and disciplinary actions
    Others, please specify:
    ___________________________________________________________
    Management communicates timely and relevant information with
    external parties on matters affecting the internal control components
    We find our reports on our risks to be of high quality, reliability and
    relevance.
    We find our internal management reports to be of high quality,
    reliability and relevance.
    We find our external reports to be of high quality, reliability and
    relevance.
    There is a process for both internal and external parties to
    communicate suspected indecencies or fraudulent activities, financial
    reporting errors, improper use of company assets and other
    misleading information.
    There is a process for these gathered information to be brought up to
    top management, particularly the board of directors for discussion.

    B. Monitoring
    Statement 5 4 3 2 1
    1. We often monitor the reported risks in the organization

    2
    The company conducts monitoring of risk management policies implemented through:
    Ongoing activities (e.g. built into the normal, recurring operating
    activities of an entity)
    o Review operating reports
    o Constant communication with external parties
    o Constant communication with internal parties
    o Regular provision of recommendations to
    strengthen risk management from internal and
    external auditors
    o Trainings seminars
    o Planning sessions
    o Personal discussion between supervisor/manager and
    personnel directly assigned
    Separate evaluations. (Please indicate how often these evaluations
    are
    conducted and who conducts them.)
    The results of these monitoring activities are communicated in a
    timely manner to parties responsible for taking corrective action,
    which includes top management and board of directors.

    You might also like