Question
The enterprise risk management model takes a risk-based rather than a controls-based approach to the development of internal control systems. The components of this model include the following:
The Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
If management at ALLFIRST and AIB had taken a risk-based approach to their design and development of the internal control systems in the Treasury Department, how might they have uncovered and possibly have prevented the $691 Million fraud? Cite specific components (systems, procedures, reports etc.) that would have been included in design of the internal control system using a risk-based approach.
Discuss the different types of internal audits that an organization might conduct. Include in your discussion:
A Financial Audit
An Information Systems or Internal Control Audit
An Operational Audit
A Compliance Audit
An Investigational Audit
3. Describe how auditing information technology is integral to the financial audit process. Include in your discussion interim audits, compliance testing, financial statement audit, substantive testing, auditing through the computer, auditing with the computer, risk-based auditing and any other points you feel are important to your explanation.
Explanation / Answer
Components of Enterprise Risk Management
Enterprise risk management consists of eight interrelated components. These are derived
from the way management runs an enterprise and are integrated with the management
process. These components are:
• Internal Environment – The internal environment encompasses the tone of an
organization, and sets the basis for how risk is viewed and addressed by an entity’s
people, including risk management philosophy and risk appetite, integrity and ethical
values, and the environment in which they operate.
• Objective Setting – Objectives must exist before management can identify potential
events affecting their achievement. Enterprise risk management ensures that management has in
place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
• Event Identification – Internal and external events affecting achievement of an entity’s
objectives must be identified, distinguishing between risks and opportunities.
Opportunities are channeled back to management’s strategy or objective-setting
processes.
• Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis
for determining how they should be managed. Risks are assessed on an inherent and a
residual basis.
• Risk Response – Management selects risk responses – avoiding, accepting, reducing,
or sharing risk – developing a set of actions to align risks with the entity’s risk
tolerances and risk appetite.
• Control Activities – Policies and procedures are established and implemented to help
ensure the risk responses are effectively carried out.
• Information and Communication – Relevant information is identified, captured, and
communicated in a form and timeframe that enable people to carry out their
responsibilities. Effective communication also occurs in a broader sense, flowing
down, across, and up the entity.
• Monitoring – The entirety of enterprise risk management is monitored and
modifications made as necessary. Monitoring is accomplished through ongoing
management activities, separate evaluations, or both.
Limitations
While enterprise risk management provides important benefits, limitations exist. In addition
to factors discussed above, limitations result from the realities that human judgment in
decision making can be faulty, decisions on responding to risk and establishing controls need
to consider the relative costs and benefits, breakdowns can occur because of human failures
such as simple errors or mistakes, controls can be circumvented by collusion of two or more
people, and management has the ability to override enterprise risk management decisions.
These limitations preclude a board and management from having absolute assurance as to
achievement of the entity’s objectives.