One Month to More Effective Internal Controls - COSO Objective II: Risk Assessments
Episode Synopsis
Objective II is designed to provide a company with a “dynamic and iterative process for identifying and assessing risks.” For the compliance practitioner, none of this will sound new or even insightful; however, the Framework requires a component of management input and oversight that was perhaps not as well understood.
The objective of Risk Assessment consists of four principles.
Principle 6: Suitable objectives.
Principle 7: Identifies and analyzes risk.
Principle 8: Fraud risk.
Principle 9: Identifies and analyzes significant change.
The SEC has made it clear that companies should be expanding their view of risk in implementing the COSO 2013 Internal Controls Framework. Obviously, risk assessments are a cornerstone of a best practices compliance program as laid out in the 2012 FCPA Guidance and in the DOJ’s Evaluation. The regulators are telling companies specifically that they should be seeing new risks that they need to address because of the changes brought about by the new standard.
Three key takeaways:
Risk assessments are required under the COSO 2013 Internal Controls Framework, the 2012 FCPA Guidance and almost all other best practices compliance programs.
Look at your risks across your organization and not in a siloed manner.
Risks, and both their determination and their management, change over time, so be cognizant of changes in business practices on the ground.
For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.