Professional Documents
Culture Documents
FRAMEWORKS
CHAPTER 5
INTERNAL CONTROL
FRAMEWORKS
RISK ASSESSMENT
- the process of identifying, assessing, and measuring risks to
the organization, program, or process under review. One of
the key benefits of this approach is that it provides the
context for the identification of risks. This is so because risks
are only relevant to the extent that they jeopardize the
achievement of objective
BUSINESS AND PROCESS RISK
This is the risk that the organization’s processes are not effectively
obtaining, managing, and disposing their assets, that the organization is
not performing effectively and efficiently in meeting customer needs, is
not creating value or is diluting value by suffering the degradation of
financial, physical, and information assets.
Business interruption risk: This risk stems from the unavailability of raw
materials, IT, skilled labor, facilities or other resources that threaten the
organization’s ability and capacity to
continue operations
Health and safety risk: Failure to provide a safe working environment for
workers exposes the organization to compensation liabilities, loss of
business reputation, and other costs
◾ Leadership risk: Workers are not being led effectively resulting in lack of
direction, motivation to perform, customer focus, management credibility,
and trust
TECHNOLOGY AND INFORMATION TECHNOLOGY
RISK
These risks relate to conditions where IT is not operating as intended, the integrity
and reliability of data is compromised, and significant assets are exposed to
potential loss or misuse. It also relates to the inability to maintain critical systems
and processes. It includes:
◾ Resources risk: Availability of funds when needed and their judicious use
for business purposes
◾ Commodity prices risk: Fluctuations in prices expose the organization to
lower margins or trading losses
◾ Foreign currency risk: Changes in foreign exchange rates can result in
the economic loss of some of the value of the asset
◾ Liquidity risk: This is the loss exposure due to an inability to meet cash
flow obligations, or the lack of buyers and sellers in a market (i.e., illiquid
market)
◾ Market: Movements in prices, rates, and indices affect the value of the
organization’s financial assets and stock price. This could also affect its cost
of capital and its ability to raise capital
SOCIAL RISK
Social risk relates to dynamics where an issue affects stakeholders who
can form negative perceptions that can cause some form of damage to
the organization. Social risk can be influenced by strategic and
operational decisions management makes that affect issues stakeholders
care about.
By being specific, goals become clearer and they avoid the ambiguity that
can often impair goalsetting. Managers and employees know what they
are expected to do and can focus their energy, resources, and priorities
accordingly to accomplish them. Another important characteristic of
specific goals is that they are easier to quantify and monitor for
performance evaluations.
Goals can be deemed achievable when they are aligned with the mission
of the organization and the individual. Furthermore, by making them
aspirational and ambitious, they build confidence and serve to motivate
those involved to pursue something great. It also helps when the goals
have milestones and checkpoints that will allow the person responsible for
their completion to witness progress.
Goals should also be aligned with the mission and strategy of the
organization, the process, and the individual. A common discovery when
reviewing processes is that there are tasks performed that do not add
value to the process or the customer.
◾ How does this activity help to meet the needs of the customer?
◾ Is this activity essential?
◾ Is this the best way to perform this activity in terms of time, effort, and
related tools (e.g., forms and data input)?
◾ What is the significance of this goal to my career and those of my team?
TIME BOUND
◾ Are there milestone dates that must be met in the interim to show we
reached a significant change or stage of development in our work?
◾ When must the goal be achieved and what evidence is needed to prove it
was done?
◾ What is the most efficient way of achieving the goal so we can
accomplish it as quickly as possible
EVALUATED
◾ Are the metrics associated with this goal evaluated? How frequently?
◾ Does the goal infringe on my values, the organization’s, and society’s?
◾ Will there be negative environmental impacts while pursuing this goal?
◾ Who has to evaluate the appropriateness, timeliness, and other
attributes of the goal?
REWARDING