Question

What is the opinion or perspective on this idea of assessing risk in the internal control process? (See paragraph below to get an idea or answer the question.) Please raise thoughtful questions, analyze relevant issues, build on ideas, synthesize across readings and discussions, expanding the perspective, and appropriately challenging assumptions and perspectives.

Significance of assessing risk in the internal control process: In chapter 3, we learned that the purpose of the internal control process is “to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.” (Page 38, paragraph 3). One component of the internal control process is “Assessing Risk,” which requires an organization to determine, analyze and mitigate the risks inherent in achieving its goals and objectives. Without identifying, understanding and alleviating the risks involved in accomplishing it mission, an organization will both miss opportunities to improve operations and hinder its ability to achieve its goals and objectives.

According to our text on page 62, paragraph 3, “governments exist to protect the health, safety and welfare of its citizens;” to this definition, I would add the point that governments must also be as accountable and transparent as possible. For a government, therefore, assessing risks involves looking at the operations which allow the government to achieve this mission and assessing the risks inherent in these operations. Once the risks are identified, it is helpful for the government to prioritize resources so that the most significant risks are addressed first.

I work in the finance department of a Town, and the director of Finance is continually looking for risks in our business processes. If any red flags are raised, she will work quickly to adjust business processes to mitigate these risks. For example, we are currently working to reallocate or return a large portion of developer fees that were collected in the early 2000s. These fees are collected from developers to pay for the potential off-site improvements – such as road widening, or traffic lights – needed due to the impact of the new development. By law, these off-site exactions are to be returned to the payer if they are not used for the intended purpose within 6 years. Through lack of internal control –especially the component of assessing risk – the Town ended up holding onto many of these fees passed the 6 year deadline. Recently, with staff turnover, the issue of the developer fees came up and the risk of holding onto these fees any longer – namely litigation, other legal troubles, and bad press – was addressed. We are now in the process of returning the developer fees that should have already been returned. Moreover, new processes were put in place to prevent this from ever happening again, including monthly reporting and better record keeping.

Answer 1

Proper risk assessment can assist an organization managing risk and make decisions. Risk assessment if done thoroughly can help an organization to lead and stay ahead of competitors. In above scenario we are dealing with internal control in which the company has to return the developer fees. If the company has exercised proper internal control then it will be able to assess the probability estimation on the basis of which the company won't be late as it is in above case. The company should assess the risk through internal control. The practices of internal control should be revised from time to time. As in above case, the government's finance Department is late in returning the fees if the required changes in internal control would have been implemented on time then the risk assessment would have been certain and the return of fees would have been on time.

Thus, risk assessment is an integral aspect or part of internal control, and thus must be considered while designing the internal control sysytem of any organization.