Risk assessment (a component of internal control) - Identification and assessment of changes in internal control
Internal control.
Its international standard framework is the COSO Framework.
- The process of identifying, analyzing, and managing risks related to achieving objectives
Risk assessment
Risk assessment is the series of processes for identifying and responding to risks. Evaluating information about fraud is also important.
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
Definition
The process of identifying, analyzing, and managing risks related to achieving the organization's objectives.
Principles
Of the 17 principles of internal control, principles 6 through 9 are the risk assessment principles.
- The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
- The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
- The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- The organization identifies and assesses changes that could significantly affect the system of internal control.
6. Specification of objectives
To identify and assess risks related to the objectives of internal control, specify objectives with clarity.
Operating objectives
- Reflect management's choices
- Consider risk tolerance
- Include operational and financial performance goals
- Form a basis for committing resources
External financial reporting objectives
- Comply with applicable accounting standards
- Consider materiality
- Reflect entity activities
External non financial reporting objectives
- Comply with externally established standards and frameworks
- Consider the level of precision
- Reflect entity activities
Internal reporting objectives
- Reflect management's choices
- Consider the level of precision
- Reflect entity activities
Compliance objectives
- Reflect laws and regulations
- Consider risk tolerance
7. Identification and analysis of risk
Identify risks related to the achievement of objectives and analyze them as a basis for risk management.
- Include the entity, subsidiary, division, operating unit, and functional levels
- Analyze internal and external factors
- Involve appropriate levels of management
- Estimate the significance of the risks identified
- Determine the risk response
In a small entity, the CEO is more involved in risk than the CEO of a large entity, but because there are fewer internal control components, the structure of the risk assessment process is smaller.
8. Fraud risk assessment
Risk assessment considers the potential for fraud.
- Consider various types of fraud
- Assess incentives and pressures
- Assess opportunities
- Assess attitudes and rationalizations
9. Identification and analysis of changes
Identify and assess changes that have a significant impact on internal control.
- Assess changes in the external environment
- Assess changes in the business model
- Assess changes in leadership