
RISK AND CONTROLS MATRIX

Attachment E

SAMPLE

Internal Control Assessment Process:
Date:
Process Owner:
Process Lead:
Process Code:

Matrix columns (rows numbered 1 to 15):
Objectives
Vulnerability / Risks
Cause
Interactions (Actors)
Consequences / Impact
Risk Score: Severity, Probability, Detection, Score
Preventive Controls
Detective Controls
Reactive Controls
Traced to IS or manual process
Residual or Remaining Risk
Corrective Action
Responsibility
Target Date

Key:
Objectives - Definition of process objectives.
Vulnerability / Risk - Undesirable events that keep us from achieving our objectives.
Cause - Activities that could cause the undesirable event to occur.
Interactions (Actors) - Processes affected by the undesirable event.
Consequences / Impact - Impact to the processes, systems, or organization if the undesirable event occurs.
Risk Score - Objective measure of relative risk to the Company.
Preventive Controls - Controls that prevent the undesirable event from occurring.
Detective Controls - Controls that detect the occurrence of an undesirable event.
Reactive Controls - Controls or processes needed to contain the impact should the undesirable event occur.
Traced to IS or Manual Process - Link of designed control to actual control.
Residual or Remaining Risk - Risk remaining after preventive controls.
Corrective Action - Allows for logging the process used to manage residual risk and for correction of ineffective controls.
Responsibility - Employee responsible for implementing corrective action.
Target Date - Date by which corrective action will be complete.
