KnowledgeLeader Blog

Developing risk maps, heat maps and risk rankings based on subjective assessments of the severity of impact of potential future events and their likelihood of occurrence is common practice. These approaches provide an overall picture of the risks, seem simple and understandable to most people, are often the result of a systematic process, and provide a rough profile of the organization’s risks.

Once a company forms an internal audit function, completes the risk assessment process and develops an internal audit plan that is responsive to the risk assessment, it can initiate individual internal audit assignments.

Making Your Risk Assessments Count: A Compliance Perspective to Risk Assessment

The traditional approach for assessing compliance risks focuses on the severity of impact and likelihood of occurrences, often on a residual risk basis. This approach often results in a cluster of low likelihood risks with various levels of potential severity and fails to address the potential implications to the enterprise of a breakdown in established policies and procedures. For compliance risks, in lieu of mindless guesswork on probabilities, companies should consider the effects of noncompliance events in terms of the following factors:

Making Your Risk Assessments Count: An Operational Perspective to Risk Assessment

Operational assessment is often directed to assessing performance against quality, time, innovation and cost targets to identify gaps in process performance. Significant performance gaps lead to decisions around making appropriate midcourse corrections or analyzing root causes with the objective of determining actionable process improvements to close the gaps. Given this traditional approach to an operational review, the question of the appropriate level of focus arises when evaluating operational risks.

Making Your Risk Assessments Count: Consider the Distinguishing Characteristics of Risk

Traditional risk assessment approaches don’t often address the unique risk characteristics most companies face. While using a common analytical framework to evaluate risks with different characteristics may make the assessment process easier to execute, it also may not be as effective as approaches that could provide more insight into how to respond to assessed risks.

The internet of things (IoT) is an environment in which “things” – objects, animals or people – are given unique identifiers on the internet and are able to transfer data over a network without the need for human-to-human or human-to-computer interaction. The IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the internet.

Most, if not all, business transactions executed today touch the information technology (IT) environment at some point in their lifecycle. As organizations plan for the next calendar year, it’s logical to regard the IT risk assessment as a critical component that should be reviewed through the internal audit function.

Copyright pirates, brand impersonators, patent flouters and trade secret thieves are a major threat to businesses, given their increased aggressiveness towards intellectual property (IP) theft. These, and any other original creative works that have economic value and are protected by law, can be categorized as IP.

An effective business process is built on a set of well-defined and clearly stated business objectives. These key objectives articulate the ideal performance results that the company expects from that process. To monitor a business process so that it stays focused on reaching the key objectives, the company chooses appropriate performance measures. Careful selection of the performance measures takes a company a long way toward improving a business process. Thus, to build and continually improve an effective business process, a company establishes:

What is Money?