Jim Tholey
Gambling With or Managing Risks?
Slide 2: RISKY INC. RISK ASSESSMENT MODEL – 2007

Risk Factors
  A. Business Environment
     1. Management Team
     2. Risk Management/Evaluation
     3.
     4.
  B. Financial & Operating Environment
     5. Susceptible to misappropriation, fraud, loss
     6. Compl./Adequacy of Internal Mgmt Rpt
     7. 8. 9. 10. 11. 12.
  C. Info Tech Financial Automation
  D. Governance, Internal Control & Compliance
     13. Corporate Governance
     14. Internal Control Environment
     15. 16. 17.

Quantification totals by department:

  Department    TOTAL – RISK QUANTIFICATION   TOTAL – IMPACT QUANTIFICATION
  Wgt                                         100
  Fin/Acct      218                           220
  HR            163                           180
  Reg's         249                           300
  Legal         157                           200
  Compl         166                           220
  IT            277                           260
  Purchasing    191                           140
  Admin         145                           100
  Mrktg         246                           240
  Dept B        153                           180
  Dept C        174                           260
  PR            142                           180
  Div 1         218                           220
  Sub A         186                           220

1. Impact  2. Risk  3. Risk –
Risk Rating: Low (0-130)  Medium (131-210)  High (211-300)
Slide 3: Sample SOX Qualitative Risk Assessment (Heat Map)

ABC Corporation – 2007 Business Processes

Rating columns and their relative weights (total 100%):
  1. Complexity/Volume of Transactions (15%)
  2. Level of Automation, inverse scoring (10%)
  3. Level of Estimation/Judgment (20%)
  4. Reporting Complexity/Prior Period Changes (15%)
  5. Process Nature/Inherent Risks (15%)
  6. Routine/Non-routine (5%)
  7. Susceptibility of loss due to errors/fraud (15%)
  8. Related Party Transactions (5%)
  Last column: Weighted Average Risk Score

  Business Process                  1     2     3     4     5     6     7     8     Score
  Financial Closing & Reporting     High  Med   Med   High  High  Med   Med   Low   High
  Fixed Assets                      Low   Med   Med   Low   Low   Med   Med   Low   Low
  Purchasing, AP & Disbursements    Med   Med   Low   Low   High  Low   High  Low   Med
  Treasury/Equity                   Med   High  High  Med   Med   High  Med   Low   High
  Revenue, AR & Receipts            Med   Med   Med   Low   High  Low   High  Low   Med
  Inventory                         Med   Med   Med   Med   Med   Med   High  Low   Med
  Record & Monitor Debt             Low   Med   Low   Low   Low   Low   Low   Low   Low
  Commitments & Contingencies       Low   Med   Med   Low   Med   Med   Low   Low   Med
  Payroll & Benefits                Low   Med   Low   Low   Med   Low   Med   Low   Low
  Income Tax                        High  Med   High  High  Med   Med   Med   Low   High
  Intangibles and Impairment        Med   High  High  High  High  High  Med   Low   High
  Cash Handling                     Med   Med   Low   Low   Med   Low   High  Low   Med
  Consolidations                    Med   Med   Med   Med   Med   Med   Med   Low   Med

Note: the Level of Automation rating describes how automated the process is, so its risk scoring is inverted: High means more automation and therefore less risk, while Low means less automation and therefore more risk.
Slide 4: Qualitative Assessment of Accounts/Processes

  Qualitative Risk Factors (from PCAOB AS2)                      Weights   Category 1      Category 2      Category 3
                                                                           Rate   Score    Rate   Score    Rate   Score
  ● Estimation                                                   20
  ● Routine/Non-routine                                          10
  ● Automatic/Manual                                             10
  ● Account/Reporting Complexity/Changes from Prior Period       10
  ● Susceptibility of Loss Due to Errors or Fraud                10
  ● Complexity/Homogeneity & Volume of Activity                  10
  ● Nature of Accounts (Suspense/Reserve, etc.)                  10
  ● Likelihood of Significant Contingent Liabilities             10
  ● Existence of Related Party Transactions                      10
  ● TOTAL                                                        100       100             100             100

  Risk Ratings        Rating
  No Risk or N/A      0
  Low                 1
  Medium Low          2
  Medium              3
  Medium High         4
  High                5

  Risk Score    Score
  Low           0-150
  Medium        150-300
  High          300-500

Risk Factors are taken directly from AS2/AS5.
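The arithmetic behind this slide's scoring, as an added example that is not part of the original deck: the factor weights (totalling 100) and the 0-5 rating scale are the slide's own, the treatment of the boundary values 150 and 300 as the start of the next band is an assumption, and the inversion of the automation factor (more automation scores as less risk) follows the note on the process slide but is applied here as an assumption.

```python
# Added example, not from the deck. Weights and the 0-5 scale come from the
# slide; the 150/300 boundary rule and the automation inversion are assumptions.

# Factor weights as listed on the slide (they total 100).
WEIGHTS = {
    "estimation": 20, "routine_non_routine": 10, "automatic_manual": 10,
    "complexity_changes": 10, "loss_errors_fraud": 10, "volume_of_activity": 10,
    "nature_of_accounts": 10, "contingent_liabilities": 10, "related_party": 10,
}
MAX_RATING = 5  # slide scale: 0 = No Risk or N/A ... 5 = High

# Assumption: this factor is rated as a level of automation and is inverted
# (more automation = less risk), as the note on the process slide describes.
INVERTED = {"automatic_manual"}


def effective_rating(factor, rating):
    """Validate a rating and invert it for automation-type factors."""
    if not 0 <= rating <= MAX_RATING:
        raise ValueError(f"{factor}: rating {rating} is outside 0-{MAX_RATING}")
    return MAX_RATING - rating if factor in INVERTED else rating


def risk_score(ratings):
    """Weighted score = sum(weight * rating); maximum is 100 * 5 = 500."""
    if sum(WEIGHTS.values()) != 100:
        raise ValueError("factor weights must total 100")
    missing = set(WEIGHTS) - set(ratings)
    if missing:
        raise ValueError(f"unrated factors: {sorted(missing)}")
    return sum(w * effective_rating(f, ratings[f]) for f, w in WEIGHTS.items())


def risk_band(score):
    """Map a score to the slide's bands; a boundary value goes up (assumption)."""
    if score < 150:
        return "Low"
    return "Medium" if score < 300 else "High"


# Constructed sample: a judgmental, mostly manual account.
SAMPLE = {
    "estimation": 5, "routine_non_routine": 4, "automatic_manual": 1,
    "complexity_changes": 3, "loss_errors_fraud": 4, "volume_of_activity": 2,
    "nature_of_accounts": 3, "contingent_liabilities": 1, "related_party": 0,
}

if __name__ == "__main__":
    total = risk_score(SAMPLE)
    print(total, risk_band(total))  # 310 High
```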
Slide 5: Risk & Impact Analysis – Risky Company

[Figure: BUSINESS UNIT HEAT MAP – RISK (HIGH/MED/LOW) plotted against IMPACT (HIGH/MED/LOW). Business units on the map:]
  • Information Technology
  • Supply Chain Management
  • Finance/Acctg
  • Compliance
  • Marketing
  • Purchasing
  • Investor Relations
  • Human Resources
  • Legal
  • Administration
  • Public Relations
Slide 6: Risk/Impact Corridor – Risky Company

[Figure: BUSINESS UNIT HEAT MAP with RISK CORRIDOR – RISK (HIGH/MED/LOW) plotted against IMPACT (HIGH/MED/LOW). Business units on the map:]
  • Investor Relations
  • Public Relations
  • Information Technology
  • Supply Chain Mgmt
  • Finance/Acctg
  • Compliance
  • Marketing
  • Purchasing
  • Human Resources
  • Legal
  • Administration
Slide 7: Risk & Impact Analysis – Risky Company

Audits are in italics.

[Figure: AUDIT UNIVERSE HEAT MAP – RISK (HIGH/MED/LOW) plotted against IMPACT (HIGH/MED/LOW). Items on the map:]
  • Capacity Planning
  • Business Continuity Planning
  • Disaster Recovery
  • Plant Operations
  • Supply Chain
  • SOX Compliance
  • Financial Reporting
  • Compliance
  • Revenue Receivables
  • Cash Receipts
  • Human Resources
  • Cash Reimbursements
  • Purchasing
  • Marketing
  • Accounts Payable
  • Investments
  • Public Relations
  • Physical Security
  • T&E Reporting
  • Budgeting
  • Bank Reconciliations
  • Payroll
  • Facilities
  • Fixed Assets
  • Legal – Corp Secretary
Slide 8: Risk & Impact Corridor – Risky Company

[Figure: AUDIT UNIVERSE HEAT MAP with RISK CORRIDOR – RISK (HIGH/MED/LOW) plotted against IMPACT (HIGH/MED/LOW). Items on the map:]
  • Capacity Planning
  • Business Continuity Planning
  • Disaster Recovery
  • Plant Operations
  • Supply Chain
  • SOX Compliance
  • Financial Reporting
  • Compliance
  • Revenue Receivables
  • Cash Receipts
  • Human Resources
  • Cash Reimbursements
  • Purchasing
  • Marketing
  • Accounts Payable
  • Investments
  • Public Relations
  • T&E Reporting
  • Budgeting
  • Physical Security
  • Bank Reconciliations
  • Payroll
  • Facilities
  • Fixed Assets
  • Legal – Corp Secretary