Chapter 3

Risk Assessments

The process of identifying, measuring, and analyzing risks relevant to a program or process.

This assessment is systematic, iterative, and subject to both quantitative and qualitative inputs and factors. This is also dependent on the timeframe of the review.

Identification of Risks

A key aspect of any risk assessment. This takes the form of a list of risks.

This is different from risk factors since risk factors are conditions that exacerbate or diminish a risk.

Operational Risk Types

Capacity (Operational Capacity)
- Inability to produce as many units as required
- Process generating excessive amounts of waste
- Producing too many defective parts
- Delivering ordered goods or services past the promised date
- Inability to provide high quality service to every customer

Strategic (Business Strategies; high goals are aligned with the business’s mission)
- Failing to maintain beneficial relationships with customers
- Computer system’s inability to support the operating unit’s needs
- Manufacturing lines being unable to keep pace with sales growth
- Lack of funding to finance business expansion
- Knowledge drain due to employee turnover
- Failure to respond to changing customer preferences

Compliance
- Failure to meet external requirements
- Failure to meet internal standard operating procedure requirements
- Failure to meet combined requirements

Natural Environment
- Energy supply disruption
- Damage from fire, water, or natural disasters
- Inability to secure needed resources
- Dependency on carbon-based sources of energy
- Business interruption caused by disease

Political
- Changes in legislation or regulation due to government changes
- Social unrest triggered by changes in government

It is imperative for internal auditors to remember that there are internal and external constraints in organizations. Internal constraints include:

Equipment – the types of equipment available and the ways they are used limit the ability of the process to produce more high quality goods and deliver services.

People – lack of skilled and motivated workers limits the productive capacity of any process. Attitudes and other mental models embraced by workers can lead to behaviors that become a constraint on the process.

Policies – written and unwritten policies can prevent the process from producing more of higher quality goods and services.

Measurement of Risks

After identifying risks, they must be measured. The measurement process can be subjective or quantitative and either driven by facts or not.

Subjective measures are driven by the participant’s experience and intuition about the risks involved.

Impact Ratings by Range

Likelihood Ratings by Range
Sample Nonlinear Likelihood Ratings

Expanded Likelihood Ratings

Expanded Impact Ratings

Negligible – very low
- Very little damage or harm. No disruption in operations. Insignificant number of injuries, number of people displaced, and number of people support required.

Marginal – low – minor damage or harm
- No significant disruptions in operations. Less likely to cause any significant harm to staff or others and could be managed.
- Small number of people affected. Small number of minor injuries. Minor damage to properties. Minor displacement of people for less than 24 hr.

Critical – moderate – significant damage or harm
- Event may cause very short disruptions to operations. Likely there is significant injury to staff and could result in moderate loss of assets but event is manageable.
- Significant number of casualties.
- Localized displacement of more than 100 people for up to 3 days.

Severe – high – serious damage or harm
- May cause significant disruption or suspension in operations.
- May cause significant injury or death of workers or staff.
- Significant damage requiring external resources to support local respondents.
- 100 – 500 people in danger and displaced for more than 1 week.

Catastrophic – very high – critical – extreme damage or harm
- Long-term suspension of operations and possible office or program closure.
- Imminent loss of life.
- More than 500 people displaced for a prolonged duration.

Risk Matrix

A widely used and highly effective tool to record and analyze the objectives, risks, and controls in the program or process that is being audited as defined in the scope definition.

This is an essential ingredient when conducting risk-based audits, as it provides a means to capture and analyze these items.

Risk Score

Low = 1 – 8
Medium or Moderate = 9 – 17
High = 18 – 25

To compute the risk score, multiply impact and likelihood.
