Risk assessment (a component of internal control) - Identification and assessment of changes in internal control

Internal control (内部統制 in Japanese).

Its international standard framework is the COSO Framework.

POINT

  • The process of identifying, analyzing, and managing risks related to achieving objectives

Risk assessment

Risk assessment is the series of processes for understanding risks and responding to them. Evaluating information about fraud is also important.

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

Define

The process of identifying, analyzing, and managing risks related to achieving the organization's objectives.

Principles

Of the 17 principles of internal control, principles 6 through 9 are the risk assessment principles.

  • The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  • The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
  • The organization considers the potential for fraud in assessing risks to the achievement of objectives.
  • The organization identifies and assesses changes that could significantly affect the system of internal control.

6. Specification of objectives

To identify and assess risks related to the objectives of internal control, specify clear objectives.

Operating objectives
  • Reflect management's choices
  • Consider risk tolerance
  • Include operations and financial performance goals
  • Form a basis for committing resources
External financial reporting objectives
  • Comply with applicable accounting standards
  • Consider materiality
  • Reflect entity activities
External non-financial reporting objectives
  • Comply with externally established standards and frameworks
  • Consider the level of precision
  • Reflect entity activities
Internal reporting objectives
  • Reflect management's choices
  • Consider the level of precision
  • Reflect entity activities
Compliance objectives
  • Reflect laws and regulations
  • Consider risk tolerance

7. Identification and analysis of risk

Identify risks related to the achievement of objectives and analyze them as a basis for risk management.

  • Include entity, subsidiary, division, operating unit, and functional levels
  • Analyze internal factors and external factors
  • Involve appropriate levels of management
  • Estimate the significance of identified risks
  • Determine the risk response

In a small entity, the CEO's involvement with risk is greater than that of a large entity's CEO, but because there are fewer components of internal control, the structure of the risk assessment process is smaller.

8. Fraud risk assessment

Risk assessment considers the potential for fraud.

  • Consider various types of fraud
  • Assess incentives and pressures
  • Assess opportunities
  • Assess attitudes and rationalizations

9. Identification and analysis of changes

Identify and assess changes that have a significant impact on internal control.

  • Assess changes in the external environment
  • Assess changes in the business model
  • Assess changes in leadership