Risk Assessment/Control Activities Concepts and Applications - One Day Course


Risk Assessment/Control Activities Concepts and Applications

Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed. A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity.

Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.

Course Description
The course presents the summary, definitions, principles and points of focus of the risk assessment and control activities components of the Internal Control Integrated Framework, 2013. The concepts and applications of the objectives setting, risk assessment and control activities are explored in detail in cumulative cases and exercises through each topic. The objective of the course is for participants to gain a detailed understanding and ability to apply the concepts, principles and points of focus of the risk assessment and control activities components of the Internal Control Integrated Framework.

The component evaluation templates from the COSO Illustrative Tools for Assessing Effectiveness of a System of Internal Control serve as the basis for principle analysis in the cases and exercises. Participants will gain a working knowledge of how to adapt the tools for use in their daily work in their respective organizations.

Prerequisite:
This course is an applications course and requires an in-depth working knowledge of the overall Framework, its components, concepts and approaches. Only those who have attended the COSO2013 Internal Control Framework Overview Course or those who have a detailed working knowledge of the new Framework should attend this course.

The course was written by Michael L. Piazza, who is the primary presenter for the course. If date conflicts arise, the client will be given the option of a secondary instructor.

Who Should Attend:
Anyone in an organization who designs, implements, applies or reviews internal control including will greatly benefit from the course and applications. These include: administrators; accountants; finance officers; managers; risk management officers; quality assurance personnel; internal auditors; and anyone providing assurance to internal control and risk management effectiveness.

Course Agenda

9:00 - 10:15
Course Overview and Introductions:
Course outline with materials and case studies are presented to engage participants in the course direction and outcomes. Participants are asked to present their information and personal/professional expectations and objectives for the course.
10:15 - 10:30
Break
10:30 - 10:45
The Summary and Definitions of the Risk Assessment and Control Activities Components:
An overview of the attributes comprising the risk assessment and control activities components are explored including the management function and the role of controls in mitigating risk and accomplishing objectives.
10:45 - 11:00
Objectives Setting and Internal Control:
A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. The Internal Control Integrated Framework is based on accomplishing objectives in one of three overlapping categories, these categories are examined and applied as a basis for risk assessment.
11:00 - 11:30
Specifies Suitable Objectives:
Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. This principle and its related fifteen points of focus are explored and applied in case work.
11:30 - 12:00
Identifies and Analyzes Risk:
Principle 7: The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. This principle and its related five points of focus are explored and applied in case work.
12:00 - 1:00
Luncheon
1:00 - 2:15
Assesses Fraud Risk:
Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives. This principle and its related four points of focus are explored and applied in case work.
2:15 - 2:45
Identifies and Analyzes Significant Change:
Principle 9: The organization identifies and assesses changes that could significantly impact the system of internal control. This principle and its related three points of focus are explored and applied in case work.
2:45 - 3:00
Break
3:00 - 3:30
Selects and Develops Control Activities:
Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.This principle and its related four points of focus are explored and applied in case work.
3:30 - 3:45
Selects and Develops General Controls over Technology:
Principle 11: The organization selects and develops general control activities over technology to support the achievement of objectives.This principle and its related four points of focus are explored and applied in case work.
3:45 - 4:15
Deploys through Policies and Procedures:
Principle 12: The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.This principle and its related six points of focus are explored and applied in case work.
4:15 - 4:30
Summary, Discussion and Conclusion:
The concepts and applications are reviewed to summarize the Internal Control Integrated Framework risk assessment and control activities components. Participant objectives and challenges are addressed.

Purchase and Schedule a Course Offering:
PDA courses are offered through the Institute for Internal Controls (IIC). To have an IIC representative contact you about conducting the course at your organization or chapter, please complete the Request for Information form. An IIC representative will contact within one business day to discuss the details and arrange a course date that suites your organization's needs.

Course Customization:
The course can be modified for custom presentation including organizational specific cases, examples and concepts. A $5,000 customization fee covers all conversions and customizations and a one day consulting trip to the client location for interviews and sample analysis.

  1. PiazzaMedia.com
  2. ControlsFramework.com
  3. Contact Us