Your Ask Joey ™ Answer

What is the risk assessment component of COSO?

Risk assessment is one of the key components of the COSO internal control framework. It addresses how the organization assesses risk and identifies threats to the organization. There are four key principles in risk assessment:

Identify and Assess Changes – The assessment of changes in the external environment as well as in leadership roles. Changes in leadership roles can often lead to an increase in risk as new motives are brought forth to the company.

Consider Potential for Fraud – The organization considers the potential for fraud by assessing pressures, opportunities, rationalizations and attitudes throughout the firm. Management should assess these three overall risks as they apply to employees and executive officers.

Specify Objectives – The identification and assessment of the risks that are related to specific objectives. It is important for management to identify objectives while staying within the parameters of its industry regulations and compliance requirements.

Identify and Analyze Risk – The company should identify specific risks that are applicable to the organization and assess the risks that are involved. Risks can be either internal or external, and they can result in either potential fraud or errors.



You might also be interested in...

  • What are the key components of the COSO internal control framework?

    Just remember it would be a CRIME to forget the 5 components. The 5 components of the COSO internal control framework include control environment, risk assessment, information & communication, monitoring, and existing control activities.

  • What are the principles for information and communication?

    Information and communication is one of five key components of the COSO internal control framework. Information and communication relates to how the company communicates information internally and externally. The three key principles are below: Obtain and Use Information – The company obtains relevant information and applies it to support its everyday operations. Internally Communicate Information – The organization is effectively communicating pertinent information necessary to support the functioning of internal controls to internal parties. Communicate Externally – The organization should communicate with external parties. The organization is effectively communicating information that is relevant to the functioning of internal controls.

  • What are the key principles of the control environment?

    The control environment is one of the five key components of the COSO internal control framework. At a high level, the control environment basically addresses “tone at the top”. It addresses the policies and procedures that are in place to provide the basis for carrying out internal controls in an organization. The 5 key principles in the control environment include: Commitment to Ethics and Integrity – A commitment to ethical values and integrity within the company should be easily identifiable. Committing to ethics and integrity is often determined by using the “tone at the top” methodology. Board Independence and Oversight – An independent board separate from the company’s management that is responsible for oversight. The independent board is responsible for providing objective oversight over the organization’s internal control systems. Organizational Structure – Organizational structures are used to highlight, determine, assign, and restrict authorities and responsibilities that are necessary within the organization. Commitment to Competence – A commitment to bringing in competent employees who are capable of performing the necessary job descriptions. The human resources department will have a general responsibility for hiring capable employees and executives. Accountability – The establishment of performance measures such as annual reviews. Employees and executives who work for an organization should be held accountable for their actions and wrongdoings.