8/12/2019 Risk Assessment Workbook TEMPLATE
1/12
Internal A
Risk Level 1 to 3 1 to 3
F/S Risk
Factors Area Review
Mgmt
Concern
Disclosu
and Regu
Conseque
Weight 20% 5%
Information Systems System Implementations 3 1
Legal Department Litigation Management & Accrual 3 3
Finance & Accounting Billing 3 3
Customer Management Customer Technical Support 3 1
Customer Management Call Center Management 3 1
Legal Department Tariff Protection 3 3
Finance & Accounting Payroll 1 2
Human Resources Employee Benefits Mgt - Third Party Administration 2 2
Finance & Accounting Treasury - Debt Management (Covenant Compliance ) 2 3
Sales & Marketing Advertising & Promotions 1 1
Information Systems Data Security (Privacy) 2 2
Finance & Accounting Capital Management 3 2
Customer Management Customer Retention 3 1
Finance & Accounting Financial Close & Reporting 1 3
Finance & Accounting Line Cost 1 3
Customer Management Customer Credits/Adjustments 2 3
Information Systems Disaster Recovery/Business Continuity Plans 3 2
Finance & Accounting Revenue Recognition 1 3
Operations Inventory Mgt - CPE/Huntsville WH 2 1
Human Resources Employment Regulations 3 2
Sales & Marketing Contract Sales 3 2
Sales & Marketing Sales Branch Office 2 1
Operations Inventory Mgt. - Network Parts/Anniston WH 2 1
Finance & Accounting Treasury - Cash Management & Banking 2 3
Information Systems Help Desk & User Services 2 1
Sales & Marketing Sales Operations 3 1
Human Resources Recruiting 3 1
Sales & Marketing Customer Premise Equipment (CPE) Sales 1 2
Finance & Accounting Sales Commissions 2 2
Finance & Accounting Fixed Assets 1 2
Finance & Accounting Accounts Receivable 1 3
Information Systems IT Strategy/ Planning 3 1
Information Systems IT Network Administration 3 1
Operations Network Management, Provisioning, Grooming, etc. 3 1
Legal Department Government/Regulatory/Industry Affairs 3 2
Management & Board Mergers & Acquisitions 3 2
Human Resources Compensation 3 1
Finance & Accounting Accounts Payable 1 2
Operations Procurement 1 2
Finance & Accounting External Financial Reporting 1 3
Customer Management Field Support - Trouble Reporting & Tickets 2 1
Operations Network Operations - Switch Management 2 1
Operations Research & Development 2 1
Sales & Marketing Product Development 2 1
Sales & Marketing Marketing Management & Plans 2 1
Management & Board Corporate Governance - (Authority/Approval Matrix, Disclosure
Controls, Policy Management) 2 2
Finance & Accounting Credit & Collections 1 2
Management & Board Incentive Compensation Plans 2 2
Information Systems Software Licensing 1 3
Information Systems IT Applications - ADP Enterprise 1 3
Finance & Accounting Treasury - FX/Derivatives 1 1
Finance & Accounting Travel & Entertainment 1 1
Finance & Accounting Budgeting, Forecasting, Strategic Planning 2 1
Management & Board Company Communications 2 1
Operations Engineering 2 1
Information Systems Contract Management - Service Level Agreements 1 2
Operations Safety 1 2
Information Systems Wireless Networks 1 1
Operations Network Operation Center Mgt. 1 1
Operations Energy Cost & Management 1 1
Operations Engineering Systems & Transport 1 1
Legal Department Securities Management & Stock Options Procedures 1 3
Human Resources Policies 1 2
Human Resources Terminations 1 2
Human Resources Worker Compensation 1 2
Human Resources Employee Relations 1 2
Legal Department Intellectual Property 1 2
Legal Department Contract Management 1 2
Legal Department Records Management 1 2
Legal Department Whistle Blower - Hotline 1 2
Management & Board Risk Management (General Liability, Officers & Directors,
Business Interruption) 1 2
Management & Board Risk Management - Workers Compensation 1 2
Management & Board Risk Management - Property Insurance 1 2
Management & Board SOX Program Management 1 2
Management & Board Investor Relations 1 2
Management & Board Governance Agreement 1 2
Operations Real Estate - Lease Management 1 2
Operations Fleet Management 1 2
Finance & Accounting Management Internal Reporting 1 1
Human Resources Employee Benefits Mgt - Enrollments 1 1
Human Resources Employee Performance Feedback 1 1
Human Resources Employee Communications - Feedback, Surveys 1 1
Human Resources Staffing Analysis/Workforce Management 1 1
Human Resources Training & Development 1 1
Human Resources Employee Loans 1 1
Management & Board Charitable Contributions 1 1
Management & Board Political Contributions 1 1
Operations Facility Management & Physical Security 1 1
Management & Board Executive Travel & Entertainment 1 1
[Chart: % of Total Risks by Risk Focus Areas]
Aud
Sales and Marketing Contact Name Operations Contact Name Finance & Accou
Contract Sales Supply Chain Ops/Purchasing Accounts Payables
Sales Op Review Planning Accounts Receivables
Retail Quality Billings
Wholesale Construction Line Cost
Carrier Supplies, Materials and Services Invoice Auditing
Enterprise Vendor Management (i.e.: competitive
bidding, preferred suppliers)
Processing
Equipment Fleet Management Credit & Collections
Finance Review Lease Management Placement, Write-offs & Pl
Legal Review Testing and Control Credit Management
Engineering Review Network Reliability Collections
Operations Review Provisioning Capital Budgeting & Plan
Product Marketing Regulatory Compliance (i.e., OSHA) Capital Expenditure Appro
Product Development Inventory Management Records, Depreciation & R
Sales Commissions Accounting and Valuation Non-capital purchases
Storage and Distribution
Call Center Fixed Assets
Network Operations Budgeting and Forecasti
Operator Services Closing the Books
Account Reconciliation
Account Analysis
Accruals
Internal Reporting
External Reporting
Tax Management
Federal Income Tax
State & Local Tax
Tariff Protection
Sales & Use
Research
Travel and Expense Repo
Treasury
Audit Universe
Debt/Financial Structure
Cash Management
FX/Derivatives
Banking Relationships
Risk Categories
Risk Assessment Category Risk Category Definition Weighting
1 Consequences Severity of Consequence from Non-Compliance 5%
2 Prior Audit Prior Audit Findings 5%
3 SOX Findings Prior SOX Findings
4 Mgmt Concern Management Interest & Concern 20%
5 Mgmt. Team Management Team 5%
6 Turnover Employee Turnover 25%
7 System Changes Systems Changes 10%
8 Financial Risk Size Revenue /Expense Size in Dollars 25%
9 Time Time Since Last Audit 5%
100%
Scale from 1 to 3 1 2
1
Severity of Consequence from
Non-Compliance
Considers the quantity and complexity
of legislative mandates and guidelines
that govern the audit subject under
review, as well as mandates and
guidelines governing the business unit
as a whole.
This includes:
Regulatory (PUC/FCC)
Financial
Areas where deficiencies would likely produce little or no
recourse from regulatory, legal or governmental agencies.
Areas where deficiencies would likely result in minimal or no
financial statement exposures.
Areas where deficiencies could p
repercussions from regulatory, g
This would include fines or pena
and/or short-term restrictions to
Areas wh
2 Prior Audit Findings
Considers the significance and number
of findings as well as the implementation of corrective action.
Taken from Audit Project Reports and
SOX Observations.
No significant findings and few findings. There has been full
implementation of all corrective actions.
One or zero significant findings and
There has been at least 90 perce
actions.
3 Management Interest & Concern
Considers the level of management
interest and/or concern that was
obtained from the Business Risk
Assessment - SOX Management
Questionnaire completed in late 2009.
Management believes this issue warrants little interest or
concern.
Management believes this issue
concern.
4 Management Team
Considers the amount of time that a
management team has been in place for
the area based on Internal Audit
knowledge.
Management has been in place over three years. Management has been in place m
than three years
5 Turnover
Considers the level of turnover based on
actual 2009 data from Human
Resources.
Area employee turnover is great
25 percent.
6 Systems Changes
Considers any significant automated or
manual system changes and/or
upgrades and the number of issues
based on IA's knowledge. This will be
enhanced for the 2009 audit planning
using IT's annual plan.
No significant system changes and/or upgrades and no
outstanding issues.
One significant and/or several sy
and few outstanding issues.
7 Revenue /Expense Size in Dollars
Considers the annual revenues or
expense and volume transactions
initiated or processed through an area
based on actual 2008 and 2009
financial data.
Less than $15 million annual revenue or less than $1 million
expense.
Between $15 million and $50 m
between $1 million and $10 mil
8 Time Since the Last Audit
Considers when the last
financial/operational audit was
performed based on Internal Audit
history.
Less than two years since the last audit. More than two years but less tha
audit.
AUDIT GRA
REF Grading Categories
Description Min Max Wei
1 Dollar Amount Other things being equal, large dollar amounts, either
flowing through a system or committed to an activity
or project, increase audit interest. As a means of
establishing a common frame of reference, use gross
revenue of the audit customer's entity as the base for
determining relative size.
Relatively Low Relatively High 9
2 Public Disclosure
Implications
Other things being equal, the prospect of significant
adverse notoriety, as a consequence of either acts of
commission or omission, serves to increase audit
interest.
Noncontroversial Highly Controversial 1
3 Internal Control The design and past performance of an internal
control system is important in judging the probability
of errors in the system. Other things being equal, areas with weak internal control are of greater audit
interest.
Strong Weak 7
4 Executive
Management
Interest
Other things being equal, expressed or implied
concern relating to an activity or project by a
responsible member of operating company
management increases audit interest. If there is no
basis for assessing management interest, arbitrarily
assign a three.
Strong Weak 10
5 Results in Prior
Audit
Other things being equal, significant adverse findings
in a prior audit increase audit interest. If there is no
prior experience, arbitrarily assign a three.
No significant
deficiencies
Serious deficiency
findings
8
6 Changes in
Personnel/Procedures
Other things being equal, a dynamic environment in
terms of personnel or procedures increases the probability of errors and inefficiency occurring, and
consequently increases audit interest.
Static Dynamic 5
7 Complexity of
Activity
Other things being equal, as the operating complexity
of an area increases, information and control systems
tend to become more complex. This complexity
increases both the probability of error and the effort
required to monitor the system.
Simple Complex 4
8 Time Since Last
Audit
As the time since the last audit lengthens, the value of
a new audit is likely to increase. The beneficial effects
of an audit are greatest immediately before and after
a project.
Recently Audited Never Audited or Not
Recently Audited
6
9 Deviations from
Budget/Plan
Significant unfavorable variances from established
plans increase audit interest in an activity or project.
No significant variances Significant variances 3
10 Character of
Activity
Infrequent or unusual activities or projects are more
likely to result in error or inefficiency and are of
greater audit interest.
Routine and/or frequent Unusual and/or
infrequent
2
AUDIT GRADING MATRIX
REF
Grading
Categories Points Weight Score Points 0 - 3 Points 4 - 6
1 Management and Staff Competence 8 0.12 0.97
Lack of understanding of basic
accounting principles. Unqualified
Rudimentary understanding of C
Policies and GAAP. Improveme
required in the area of staff train
2 Corporate Policy Compliance 9 0.15 1.36
Significant non compliance of corporate
policies
Non compliance to corporate po
without any compensating contr
place
3 Asset Management 9 0.12 1.09
Control structure exhibits major
weaknesses which could result in
material loss of company assets and/or
misstatement of revenue/expense
Weaknesses in controls could re
loss of assets or misrepresentat
profits / losses. Reliance is plac
mitigating controls
4 Prior Audit Recommendations 10 0.10 1.01
Less than 50% implementation 50% to 74% implementation
5 Information Systems 8 0.10 0.81
Locally developed and supported
accounting systems are poorly
maintained
Partially or fully implemented Gl
Applications with a high number
issues related to deployment an
6 Procedure and Process Documentation 7 0.12 0.85
Few to no processes have been
documented. Not familiar or not
compliant to global standard procedures
Global standard procedures are
implemented or consistent with c
standards. No documentation e
7 Financial Reporting Integrity 9 0.10 0.91
Financial reports are unreliable and
need immediate attention
Reliability of financial reporting r
improvement. Material or multip
immaterial adjustments are requ
8 Balance Sheet Accounts Supporting Detail 8 0.12 0.97
Reconciliations or Listing of Account
Details are not performed. Material
adjustments are not properly
documented
Reconciliations or Listing of Acc
Details are not performed on a r
basis for all major accounts.
Reconciling items are not cleare
timely basis
9 Reporting Requirements Met 9 0.06 0.55
Deadlines (Corporate and Internal) are
not met. Insufficient and/or
unmeaningful information is distributed
Significant reporting requirements a
continuously not met
TOTAL SCORE: 8.52
GRADE: ABOVE AVERAGE
Scale:
Below Average: Less than 7.00
Average: 7.00 to 8.49
Above Average: 8.50 to 10.00
REFERENCE to CFO OBJECTIVES
1 Management identifies high potential individuals and assigns work that will provide a broad depth of experience, as well as benefiting the compan
2 Policies are followed and transactions are executed properly the first time without having to correct transaction mistakes.
3 Management actively seeks, identifies, and executes ways to reduce local capital, while maintaining high levels of customer service. Specific go
4 A focused effort exists to implement prior audit recommendations to improve the organizational financial integrity, process/policy compliance and
5 Aggressively working towards global system solutions with low levels of customization through process modification and government communica
6 Implementation of standard global processes including the quotation to collection cycle. Associates routinely spend time analyzing results and fo
7 Seek ways to improve the integrity of financial results, and enhance the forecasting process with more disciplined ties to the funnel.
8 Completed reconciliations that are useful tools to conduct true analysis of business issues.
9 Actively seeking ways to reduce the time necessary to close the books. Seek ways to evaluate the profitability of individual customers and order
Risk Factors (from 200x Form 10-K)
Risk Factor # Risk Factor Description Audit Area from Universe
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22