SOX Risk Assessment
Attachment E
SAMPLE

Internal Control Assessment Process:
Date:
Process Owner:
Process Lead:
Process Code:

Column headings (rows numbered 1 to 15):
Objectives
Vulnerability / Risks
Cause
Interactions (Actors)
Consequences / Impact
Risk Score (Severity, Probability, Detection, Score)
Preventive Controls
Detective Controls
Reactive Controls

Key:
Objectives - Definition of process objectives.
Vulnerability/Risk - Undesirable events that keep us from achieving our objectives.
Cause - Activities that could cause the undesirable event to occur.
Interactions (Actors) - Processes affected by the undesirable event.
Consequences / Impact - Impact to the processes, systems, or organization if the undesirable event occurs.
Risk Score - Objective measure of relative risk to the Company.
Preventive Controls - Controls that prevent the undesirable event from occurring.
Detective Controls - Controls that detect the occurrence of an undesirable event.
Reactive Controls - Controls or processes needed to contain the impact should the undesirable event occur.
Traced to IS or Manual Process - Link of designed control to actual control.
Residual or Remaining Risk - Risk remaining after preventive controls.
Corrective Action - Allows for logging the process used to manage residual risk and for correction of ineffective controls.
Responsibility - Employee responsible for implementing corrective action.
Target Date - Date by which corrective action will be complete.