Jump to content

Risk assurance

From Wikipedia, the free encyclopedia

Risk assurance is often associated with accounting practices and is a growing industry whereby internal processes are developed to create a "checks and balances" system. These checks predominantly identify differences between risk appetite and real risk [1].Business risk refers to factors that can affect the company, both internally and externally. There are various types of business risks: strategic, compliance, financial and operational. [2] Risk assurance aims to mitigate any of these areas. As such, companies can pre-analyse the industry to scout for potential risks or if a risk has already occurred, managers can analyse the problem in an attempt to mitigate the effects.

Risk assurance involves tiers of internal processes including management and internal controls, financial control and security, inspection, compliance, internal audit and leadership teams that are aware of the companies internal and external risks.[3] Following internal processes, assurance requires an external audit team who examines the internal processes effectiveness and reports to senior management with successes and areas for redevelopment.[4]

Auditors in risk assurance auditing filter information technology general controls (ITGCs) and completing a system and organisation control (SOC 1) report.[5][6]

Internal control is a large component of risk assurance whereby an entity's management design processes to provide reasonable assurance regarding the achievement of operational objectives, reporting and compliance.

Internal control's 5 components include:

1.     Control environment

2.     Risk assessment

3.     Control activities

4.     Information and communication

5.     Monitoring activities[7]

Physical internal control are accounting procedures that prevent fraud and ensure operational efficiency such as CCTV, passwords, and security locks. Internal audits are another internal control and play a role in corporate governance. These audits evaluate the effectiveness of a businesses' internal control.[8] Another internal control is having different employees delegated to different tasks in a transaction.

References

[edit]
  1. ^ "Office of Governance and Corporate Affairs". Risk Assurance. Charles Sturt University. Retrieved 24 March 2022.
  2. ^ "Business Risk". Corporate Finance Institute. Archived from the original on 21 January 2022. Retrieved 24 March 2022.
  3. ^ Kaplan, Robert; Mikes, Anette (June 2012). "Risk Management". Harvard Business Review. Archived from the original on 23 March 2022. Retrieved 23 March 2022.
  4. ^ Deloitte (2014). "Risk Appetite and Assurance" (PDF).
  5. ^ Ben Miron (September 9, 2008). "Understanding IT General Controls Understanding IT General Controls" (PDF). Resourcecenter.net. Archived (PDF) from the original on 26 November 2018. Retrieved 25 November 2018.
  6. ^ "Welcome to COSO". Coso.org. Archived from the original on 2018-10-16. Retrieved 2018-10-20.
  7. ^ "Components of Internal Control". www.purchase.edu. Archived from the original on 2020-11-03. Retrieved 2020-10-29.
  8. ^ Kenton, Will. "Business Essentials". Internal Controls. Archived from the original on 23 March 2022. Retrieved 23 March 2022.