Step 1: Risk Inventory

• Requirements:
  o Briefly list and describe the risks each business process needs to address.
  o Include:
    ▪ At least 4 risks for each business process:
      • BP #1: Sales and Shipping
        o 1) Selling goods to customers who have a poor credit history may result in insufficient cash flows/financial losses due to inflated uncollectible accounts.
          ▪ Control that we selected/bought to mitigate this: credit checks
          ▪ Internal risk – financial
        o 2) Lack of security/monitoring in the warehouse may result in an increase in the level of lost inventory due to theft.
          ▪ Control: (1) single process automation – automated inventory tracking like RFID (reduces risk of lost goods and enables better/faster sales order approvals) and purchases
          ▪ Internal – physical
        o 3) Inadequate oversight of inventory levels may result in taking orders that cannot be fulfilled in a timely manner.
          ▪ Control: have an inventory management system and make sure it updates in real time due to the volume of orders our business processes daily (or batch processing – don’t know if the type really matters all too much)
          ▪ Internal risk – operational?
        o 4) Human error that occurs when customers place orders by phone may result in erroneous data collection and incorrect order fulfillment, leading to financial and inventory losses (lost revenue and returned goods).
          ▪ Control: (2) single process automation – computerized system for sales (includes preformatted screens, online prompting, populate input screens w/ master data) and ability to accept orders electronically via a website
          ▪ Internal risk – financial
        o 5) Risk: Physical disasters like fires may result in damaged inventory, leading to financial losses for the company.
          ▪ Control: (90) Fire sprinkler system (water sprinklers triggered by fire/smoke/manual fire alarm)
          ▪ External risk – physical
        o 6) Risk: Errors when recording sales returns may result in improper revenue recognition affecting the company’s books and financial statements.
          ▪ Internal risk – financial
      • BP #2: Billing and Collections (A/R)
        o 1) Human error that occurs when the billing supervisor generates vendor invoices may result in customers paying incorrect amounts.
          ▪ Control: (4) single-process automation – improves efficiency and includes preformatted screens, online prompting, populate input screens w/ master data; does not include cash receipts or electronic collection of customer payments
          ▪ Internal risk – financial
        o 2) Mishandling of customer checks (misplacement, theft/fraud/skimming) received in the mail may result in insufficient cash flows.
          ▪ Control: (10) lockbox agreement with the bank
          ▪ Internal risk – financial
        o 3) Excess write-offs may result in understatements of accounts receivable and overstatements of bad debts.
          ▪ Control: (74) Manager approval of write-offs over $1,000
          ▪ Internal risk – financial
        o 4) Recording customer accounts receivable balances incorrectly may result in incorrect customer account balances and incorrect collections.
      • BP #3: Purchasing
        o 1) Purchasing goods that are not needed or ordered by mistake may result in excessive inventory quantities and increased carrying costs.
          ▪ Control: (5) automated purchasing system (for inventory and other purchases – includes the use of purchase requisitions and purchase order approvals)
          ▪ Internal risk – financial
        o 2) Purchasing goods from unapproved vendors may result in delayed deliveries.
          ▪ Internal risk – operational
        o 3) Purchasing goods from vendors with a poor reputation may result in reputational damage for the company.
          ▪ External risk
        o 4) Risk: Accepting goods that were delayed, incorrect, or ordered by accident at receiving may result in inventory mismanagement.
          ▪ Internal risk
      • BP #4: Payments and Disbursements
        o 1) Risk: Unauthorized payments to vendors may result in fraud or theft leading to financial losses.
          ▪ Control: (3) single process automation - reduces risk of stolen checks/money and enables online approvals of cash disbursements
          ▪ Internal risk – financial
        o 2) Risk: Inadequate segregation of duties for processing vendor invoices and making payments may result in fraud.
          ▪ Internal risk
        o 3) Risk: Human error when recording vendor accounts payable balances may result in incorrect payment amounts affecting the company’s cash balance.
          ▪ Internal risk – financial
        o 4) Risk: Failure to record payments to vendors may result in duplicate payments or fraud.
          ▪ Internal risk – financial
    ▪ Minimum 18 risks in total
      • 16 = 4 risks x 4 business processes
      • 2 = remaining (general business controls, and/or… consider the risks associated w/ HR/Payroll + appropriate controls)
          ▪ 1) Risk: Prolonged access to company systems and resources after employees are terminated may result in terminated employees making unauthorized changes to the systems leading to financial, reputational, and data impacts.
            • Control: (23) Disable computer access for terminated users
            • Control: (25) Collect keys, badges, and computers from terminated users
            • Internal risk
        o General controls for business as a whole:
          ▪ 1) Risk: Physical disruptions such as bad weather or natural disasters may result in power outages leading to operational delays if the company’s systems are unable to be used.
            • Control: (22) Backup power or UPS (uninterruptible power supply)
            • External risk – physical
          ▪ 2) Risk: Lack of protocols in the event of business disruptions may result in prolonged operational delays and widespread losses.
            • Control: (39) Business Continuity Plan (BCP)
            • External risk – physical
          ▪ 3) Risk: Lack of anonymity surrounding fraud reporting may result in prolonged or unreported fraud because employees do not feel safe reporting their observations of fraudulent behavior, behavioral red flags, or misconduct.
            • Control: (77) Whistleblower hotline
            • Internal risk – financial
          ▪ 4) Risk: Areas of weakness in the company’s internal controls may result in increased levels of fraud leading to financial losses.
            • Control: (99) Internal audit team performs review procedures for each business process and general ledger impacts
            • Internal risk – financial
  o Categorize each risk by internal vs. external & the type of risk it is (see Excel file)

Step 2: Risk Matrix + Heat Map

• Needs to be high-quality
• Only need to do this for ONE business process
  o Choose:
    ▪ Sales and Shipping
    ▪ Billing and Collections
    ▪ Purchasing
    ▪ Payments and Disbursements

Step 3: Business Process Flowcharts

• Create flowcharts for each business process that represent the process steps after the controls you picked have been implemented:
  a. Sales and Shipping
  b. Billing and Collections
  c. Purchasing
  d. Payments and Disbursements

Step 4: List of Controls Selected

• This is a copy of the controls you enter on the Simulation Tracker (Excel file)

Step 5: List of Unmitigated Risks

• Based off your risk inventory results, briefly describe why you chose to “accept” the risks that remain unmitigated (i.e., the risks that don’t have controls)
  o Q for Prof Miller – do we need just a summary (like a paragraph) of our strategy (i.e., we focused on risks that could lead to larger financial losses in the collections & sales/shipping business processes so we didn’t focus as heavily on purchasing, etc.), or do we need a reasoning/explanation for each unmitigated risk? – Kaitlyn

Prepare for Live Simulation Day (Thurs 11/30): Simulation Tracker Document

• Each group needs to fill out the simulation doc (Excel file – shared in the Teams we all joined) – update with selected controls list by 8 PM Nov. 29 (Wednesday!!)
  o Note: there is a 25 point deduction if this is not completed on time
