Question

What is the opinion or perspective on this? Please raise thoughtful questions, analyze relevant issues, build on ideas, synthesize across readings and discussions, expand the perspective, and appropriately challenge assumptions and perspectives.

Significance of assessing risk in the internal control process: The significance of assessing risk in the internal control process is to mitigate against issues that would inhibit an entities ability to achieve its mission, goals, and objectives. The responsibility of assessing risk will typically fall to management and is only as successful as the manager’s experience and judgement. Our text reads “Judgement is a critical element in defining the likelihood and impact of a negative event.”[1] (Ives & Hancox, 2014, p.67) Our text goes on to list the characteristics of a person with good judgement as discernment, reasoning and rationality, perception, penetrating mind, and insight.

The importance of assessing the likelihood and impact of a negative event lends to the analysis of managing risk. If a risk is highly likely, but has a low level of impact, managing the risk may entail accepting the risk and doing nothing at all. On the other hand, if the risk is highly likely and has a high level of impact, managing the risk will fall into the risk prevention category and management will need to come up with a plan for prevention.

Risks can vary greatly, they can consist of internal risk, external risk, risk to business operations, financial risk, etc. Where I work, we have had a number of recent retirements and it came to our attention that there are several critical processes that do not have proper backup support. For example, we identified a risk that could prohibit the agency’s ability to run payroll. We only have one person that knows how to run payroll in the entire agency, and if something were to happen to that person, it would be very difficult for the agency to process payroll on time. After identifying the risk, we put a plan in place to train a backup for payroll. We have also written in to our business practices that the person responsible for backing up payroll will process payroll at least once every six months in order to remain knowledgeable in the process.

[1] Martin Ives and David Hancox, Government Performance Audit in Action (Albany, New York, 2014), p.67.

Answer 1

Answer

Discussion on significance of assessing risk in the internal control process

1. It is being given that, the responsibility of assessing risk will typically fall to management and is only as successful as the manager’s experience and judgement.

It can be noted that, the responsibility to frame policies on internal control risks lies with management. Management will usually delegate the responsibility of assessing the risks and framing the controls to designated personnel in the organization. Thereafter, auditors will verify the controls in place as per GAAS standards and give their report on internal controls.

2. It is being given that, if a risk is highly likely, but has a low level of impact, managing the risk may entail accepting the risk and doing nothing at all.

Generally, to mitigate any risk the cost of implementing controls should give benefits more than the loss that will occur. For less likely risks, management may not act, considering the materiality of the risk.

On the other hand, if risk is high, the control lapses might give rise to serious lapses in financial reporting process. Therefore all high risk items need to be addresses on time.

3. It is being given that, risks can vary greatly, they can consist of internal risk, external risk, risk to business operations, financial risk, etc.

It is to be noted that, internal controls will not always have financial impact. Non-financial control lapses might give rise to risk to business operations.