What are the four responses to risk?
Management can choose to either accept risk, reduce it, or share it, or avoid it all together subsequent to risk assessment.
Risk acceptance – If the organization elects to assume all of the risk (i.e. they choose not to do anything).
Risk reduction – If the organization implements controls that mitigate the risk of a specific activity.
Risk sharing – If the organization shares the risk with another organization (e.g. insurance).
Risk avoidance – If the organization elects not to engage in an activity at all (i.e. they exist the business altogether).
You might also be interested in...
What are the key components of the COSO internal control framework?
Just remember it would be a CRIME to forget the 5 components. The 5 components of the COSO internal control framework include control environment, risk assessment, information & communication, monitoring, and existing control activities.
What are the limitations of the COSO internal control framework?
There are six major limitations of internal control that has been identified by The Committee of Sponsoring Organizations (COSO). These limitations include: Human judgement – Human judgement can be defective and can also become subject to bias. Errors – Breakdowns and failures occur as long as people are those who are operating internal control systems, […]