Chapter 6: Internal Control and Risk Management
risk assessment
evaluation of the short-term and long-term risks associated with a particular activity or hazard
Event Identification and Risk Response
- Identify threats
- Analyze risks
- Implement cost-effective countermeasures
- Additional considerations
  • Risk tolerance
  • Cost-benefit trade-offs
COSO Internal Control Framework
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
COSO Enterprise Risk Management
1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring
COSO ERM Components and Principles
1. Risk governance and culture
2. Risk, strategy, and objective setting
3. Monitoring Enterprise Risk Management performance
Internal Control System
All policies and procedures used to protect assets, ensure reliable accounting, promote efficient operations, and encourage adherence to company policies.
Control Activities
- Selects and develops control activities
- Selects and develops general controls over technology
Objective Setting
- Strategic - high-level goals and mission
- Operations - day-to-day efficiency, performance, and profitability
- Reporting - internal and external
- Compliance - laws and regulations
Information and Communication
The component of internal control that refers to the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organization's objectives.
Control Environment
The overall attitude of management and employees about the importance of controls.
Monitoring Activities
The process of evaluating the effectiveness of an organization's system of internal control over time, including both ongoing management and supervisory activities and periodic separate evaluations.