Fundamentals of Risk Management
Control risk self-assessment
As well as undertaking physical audits, internal audit departments will often facilitate a procedure of self-certification of controls. Self-certification of controls is an arrangement whereby local senior management complete a regular (often annual) return confirming details of the level of risk assurance that has been achieved in the department. This type of self-certification is generally known as control risk self-assessment (CRSA) and it is frequently undertaken as an electronic return or recorded on the intranet of the organization. The questionnaire for the control risk self-assessment can be based on the criteria set out in COSO, CoCo or any other relevant internal control framework, such as the 2014 risk guidance from the UK Financial Reporting Council (FRC).

As well as providing confirmation of adequate levels of internal control and risk assurance, the CRSA return can also provide details of situations where significant weaknesses in controls have been identified. This information will enable the internal auditors to identify areas where additional controls may be required. Also, in addition to identifying significant weaknesses, the CRSA return can require information on any material failures that have occurred. A benchmark test for identifying a material failure should be supplied and will be much lower than the test for materiality applied by external auditors. For example, an organization that had set a test of materiality at £1 million might require reports on the CRSA return of any failure in controls that resulted in an incident/loss in excess of £100,000 at departmental level.

Benefits of risk assurance

Corporate governance is a major concern for all organizations and their stakeholders. Therefore, risk assurance should not be an administrative or box-ticking exercise. Organizations need to demonstrate that corporate governance is a priority for management.
Many organizations recognize the need for openness of risk reporting. This requires effective communication activities to be in place at all times. Having established good communication activities, the organization needs to ensure that there are positive messages to be communicated to stakeholders. Undertaking risk assurance activities will provide assurance to all stakeholders, including employees, suppliers, customers, government departments, external audit and internal audit, as described in the text box overleaf.

Obtaining risk assurance is an important part of the corporate governance arrangements for all organizations, as well as being of benefit to the strategic, tactical, operational and compliance (STOC) core processes, activities and decisions of the organization. The benefits of adequate risk assurance are that it:

● builds confidence with stakeholders;
● provides reassurance to sponsors and financiers;
● demonstrates good practice to regulators;
● prevents financial and other surprises;
● reduces the chances of damage to reputation;
● encourages the risk culture within the organization;
● allows more secure delegation of authority.

The executive has recommended the use of an annual ‘control risk self-assessment’ (CRSA) exercise, to be conducted by internal audit, as part of the annual review of corporate governance. Each year a sample of the governance policies will be chosen by the governance panel for inclusion in the CRSA exercise. Policy custodians will be required to help formulate questionnaires and report back on the feedback received from services to internal audit. The findings from the CRSA exercise, together with the assessment of compliance against each of the supporting principles and work carried out by internal audit in accordance with the annual audit plan will be drawn together into the annual governance statement, for review by the governance panel, the audit committee and the executive committee.

Approaches to CRSA