Risk Assessment Worksheet
8/2/2019 Risk Assessment Worksheet
1/64
Contributed June 27, 2002 by Don Whitehouse
Instructions for completing the risk assessment model.
1. Begin by inputting the information into the Objectives worksheet. The AUDIT column should consist of the audit universe. Other columns are optional (Type, Unit, Objective and Key Contacts).
2. Each audit listed automatically copies to the remaining worksheets.
3. Go to the Summary worksheet. The Summary worksheet contains a Criteria legend.
4. Input the estimated audit hours needed to complete each audit. See estimated hours column.
5. Next, point and click on each criteria under the Criteria Legend to input risk assessment data. Each Criteria worksheet contains comments for each criteria element to help assign rankings. The Summary worksheet is automatically updated.
6. Go to the SORT worksheet. Point and click on the SORT BY RANK button.
7. While in the SORT worksheet, point and click on the available hours link. Input information as required to get total available person-hours.
8. Input the hours available for each audit by year for a 5-year plan. The net available or needed hours are automatically calculated. See row 16 beginning at column V.
NOTE: Each time data is updated in step 5, criteria worksheet, all the subsequent steps must be repeated.
AUDIT OBJECTIVES
Data Entry Cells
Audit Type Legend:
F Financial
O Operational
C Compliance
Unit Legend:
C1 Company 1
C2 Company 2
C3 Company 3
C4 Company 4
C5 Company 5
C6 Company 6
C7 Company 7
AUDIT | TYPE | UNIT | OBJECTIVE | KEY CONTACTS
Accounts Payable | OF | All | Effectiveness and efficiency of A/P process. Controls over cash disbursements. |
Accounts Receivable | OF | CII | Effectiveness and efficiency of A/R process. Controls over cash receipts |
2002 RISK ASSESSMENT WORKSHEET
INTERNAL AUDITING
FIVE-YEAR AUDIT PLAN RISK ASSESSMENT ANALYSIS
Unit Legend:
C1 Company 1
C2 Company 2
C3 Company 3
C4 Company 4
C5 Company 5
C6 Company 6
C7 Company 7
Audit Type Legend:
F Financial
O Operational
C Compliance
Criteria Legend (VARIABLE, MAXIMUM SCORE):
A Nature of Operations, 45
B Nature of Transactions, 27
C Management, 18
D External Influences, 18
E Systems, 45
F Dollar Volume/Materiality, 9
G Changes in Procedures/Personnel, 27
H Results of Prior Audits/Mgmt Interest, 18
I Time Since Last Audit, 9
J Opportunities to achieve operating benefits, 27
AUDIT OBJECTIVES | TYPE | UNIT | A | B | C | D | E | F | G | H | I | J | RISK EVAL SCORE | MAX SCORE | EST AUDIT HOURS | Last AUDIT DATE | FIVE YEAR A 2002
Accounts Payable | OF | C1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 243 | 120 | |
Accounts Receivable | OF | C2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 243 | 120 | |
Data entry cells
INTERNAL AUDITING MRU
FIVE-YEAR AUDIT PLAN RISK ASSESSMENT ANALYSIS
Unit Legend:
C1 Company 1
C2 Company 2
C3 Company 3
C4 Company 4
C5 Company 5
C6 Company 6
C7 Company 7
Audit Type Legend:
F Financial
O Operational
C Compliance
Criteria Legend (VARIABLE, MAXIMUM SCORE):
A Nature of Operations, 45
B Nature of Transactions, 27
C Management, 18
D External Influences, 18
E Systems, 45
F Dollar Volume/Materiality, 9
G Changes in Procedures/Personnel, 27
H Results of Prior Audits/Mgmt Interest, 18
I Time Since Last Audit, 9
J Opportunities to achieve operating benefits, 27
Available Hours 315
Sum of Assigned Hours 20
Net 295
AUDIT OBJECTIVES | TYPE | UNIT | A | B | C | D | E | F | G | H | I | J | RISK EVAL SCORE | MAX SCORE | EST AUDIT HOURS | Last AUDIT DATE | FIVE YEA 200
Accounts Payable | OF | C1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 243 | 120 | | 12
Accounts Receivable | OF | C2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 243 | 120 | | 8
NOTE: A
than
A. Nature of Operations
NATURE OF OPERATIONS
RANK: 1 = Low risk to 9 = High risk
AUDIT | Significant Changes | Pressure Meeting Objectives | Clearly Defined Objectives | Strategic Value | Inherent Risk | Total Score | Total Possible Score
Accounts Payable | | | | | | 0 | 45
Accounts Receivable | | | | | | 0 | 45
Cell C5 - Significant Changes: Measure of exposure relating to past and future changes impacting the unit.
1. No significant changes experienced and minimal change is anticipated within the next year.
5. Significant changes have occurred in the past year but are not anticipated within the next year.
9. Unit will significantly change within the year.
Cell D5 - Pressure Meeting Objectives: Measure of exposure relating to the sacrificing of accuracy for speed in executing transactions
1 Quality is of the highest priority and existing deadlines have limited influence on work.
3 Unit tries to meet certain deadlines but is frequently late if errors exist.
7 Unit must meet deadlines but will delay only if there are material problems.
9 Unit must meet certain deadlines and anything late is not acceptable.
Cell E5 - Clearly Defined Objectives: Measure of the unit's understanding of its objectives and how they support the company's overall objectives
1 Unit has clearly defined measures of performance which support the Company's overall objectives.
5 Unit has some understanding of its objectives and how they support the company's overall objectives.
9 Unit's objectives are not clearly defined and do not support the Company's overall objectives.
Cell F5 - Strategic Value: The company places significant value on the success of the division for future growth.
1 The unit is important, but not significant to future operations, unit's future is stable.
9 The unit is crucial for future success of company, uncertainty exists in the unit's future.
Cell G5 - Inherent Risk: Each activity carries a certain risk that comes with performing that activity.
1 Low volatility or fluctuation to the unit's processes, products or external influences. The unit processes or produces a product that is di market or convert to personal use.
5. The unit's processes, products or external influences change frequently, however ample time is allowed to react to the changes. The processes or produces a product that is marketable or converted to personal use with limited difficulty.
9 The unit's processes, products or external influences change frequently and with little or no notice. High volatility. The unit processes or produces a product very marketable and desired.
B. Nature of Transactions
NATURE OF TRANSACTIONS
RANK: 1 = Low risk to 9 = High risk
AUDIT | Number of Transactions | Complexity of Transactions | Accuracy of Information | Total Score | Total Possible Score
Accounts Payable | | | | 0 | 27
Accounts Receivable | | | | 0 | 27
Cell C5 - Number of Transactions: Measure of the exposure due to accuracy being sacrificed because of the number of transactions that must be handled.
1 Unit has low volume and time to recheck work.
4 Volume is moderate but time is available to correct most problems.
7 Volume is high and only serious problems are handled immediately.
9 Volume is very high. Almost all error research is put off and only material problems are looked into.
Cell D5 - Complexity of Transactions: Measure of the level of complexity involved in transactions related to the unit.
1 Transactions are simple and routine.
4 Transactions are moderately simple and require limited judgement.
7 Transactions are fairly complex and may require personal judgement.
9 Transactions are complex and require involved thought processes.
Cell E5 - Accuracy of Information: Measure of the exposure that has been mitigated by the accuracy of unit information.
1 Information processed or retained by the unit has an excellent record of complete accuracy.
3 Inaccuracy existing in information is not material to the unit.
5 Unit has experienced or is experiencing information accuracy problems, but the effect is only slightly material.
7 Accuracy of the information is often suspect.
9 Unit has or is experiencing serious accuracy information problems.
C. Management
MANAGEMENT
RANK: 1 = Low risk to 9 = High risk
AUDIT | Attention given by Management | Monitoring Activities | Total Score | Total Possible Score
Accounts Payable | | | 0 | 18
Accounts Receivable | | | 0 | 18
Cell C5 - Attention Given to Area by Senior Management: Measure of the attention given to the unit by senior management which mitigates risk.
1 Senior management is fully aware of the activity of the unit.
3 Senior management has periodic appraisal of the activity of the unit.
5 Senior management has limited awareness of the activity of the unit.
7 Unit has past, current or potential problems and limited awareness by senior management.
9 Serious exposures or actual problems have not been communicated to senior management.
Cell D5 - Monitoring Activities: Measure of the monitoring activities utilized by departmental management to mitigate risk or exposure in the unit.
1 Departmental management is fully aware of all unit activity.
3 Departmental management adequately monitors unit activity.
5 Departmental management monitors problem areas of the unit.
7 Departmental management becomes involved only if there are major problems with unit activity.
9 There is no communication between staff and departmental management of the unit.
D. External Environment
EXTERNAL INFLUENCES
RANK: 1 = Low risk to 9 = High risk
AUDIT | Compliance with Regulations | Market Stability | Total Score | Total Possible Score
Accounts Payable | | | 0 | 18
Accounts Receivable | | | 0 | 18
Cell C5 - Compliance with Regulations: Measure of the exposure due to complexity and volume of regulations or penalties for noncompliance.
1 Few regulations and little risk for noncompliance.
4 Either substantial regulations or penalties.
7 Substantial volume of transactions with substantial penalty.
9 Heavily regulated with serious ramifications for noncompliance.
Cell D5 - Market Stability: Measure of exposure related to the unit's reliance on customers, vendors, etc.
1 Market is very stable. Customers and vendors are static.
5 Market is relatively stable. Significant customers and vendors are static but smaller customers and vendors are volatile.
9 Market is very volatile. Significant customers and vendors change frequently.
E. Systems
SYSTEMS
RANK: 1 = Low risk to 9 = High risk
AUDIT | Integrity: Reliance on Information Systems | Relevance: Ability to Satisfy Business Objectives | Access: Unauthorized Access and Transactions | Availability: Level of Support | Complexity: Relative number of transactions, files and devices | Total Score | Total Possible Score
Accounts Payable | | | | | | 0 | 45
Accounts Receivable | | | | | | 0 | 45
Cell C5 - Reliance on Information Systems Applications/Criticality: Measure of exposure related to the disruption of information processing
1 System applications are time savers and the task can be performed manually.
3 Manual procedures and reinstallation of unmodified application packages are easily performed if the system application is not available. Historical data can be ignored for up to one month.
5 Costs of temporary remedies if the application were unavailable would be significant if extended over one business week. Access to historical data must be available within one week.
7 Unit has critical weeks or periods in which the application and historical data must be available. Transactions must be processed with business days in order to be effective.
9 Unit has critical applications which must be available real-time. Processing may require constant supervision.
Cell D5 - Ability to Satisfy Business Objectives: Measure of exposure related to the risk of an information system application not meeting the need management.
1 Application is satisfying all or most functional requirements with adequate response periods.
3 Application does not meet all business objectives or has some time response issues. Minor technical or functional changes are requir planned.
5 Technical and functional modifications are scheduled to make the application meet the majority of the unit's business objectives within required time frames.
7 Business objectives are changing such that the application will need significant modifications, which are not yet planned.
9 Application is scheduled for replacement or is currently in the process of being replaced.
Cell E5 - Unauthorized Access: Risk to the company resulting from disclosure of sensitive information.
1 Systems contain generally available information, manipulation of data would have no impact.
5 Systems contain confidential information; however, disclosure or manipulation of such information would only have a minimal impact on operations. Controls are strong.
9 System contains highly confidential information; disclosure or manipulation would have a significant impact on operations.
Cell F5 - Level of Support: Measure of exposure related to systems not being adequately supported.
1 Technical support (in-house or vendor) is proactive to platform and functional issues with the application and provides timely, cost-effe upgrades. They solicit user requests for changes and initiate technical change requests when appropriate with user knowledge, approv testing.
3 Technical support (in-house or vendor) has minimal requests for changes and completes work adequately and timely with user approv tests of changes.
5 Technical support (in-house or vendor) is responsive to business needs and objectives and provides timely, cost-effective modification Some changes are not communicated to and tested by users.
9 Technical support (in-house or vendor) delays completion of support requests due to limited staff or knowledge. Some changes have due to lack of user involvement and approval resulting in failures.
Cell G5 - Complexity: Measures the relative number of users, interfaces, input items, physical files, logical files, simultaneous interactive queries, xones supported, devices, and transaction volume. Also, measures the complexity of individual transactions, core programming languag network.
1 Relative low complexity
5 Average complexity
9 Applicable systems are highly complex and require experienced personnel to maintain.
F. Dollar Volume/Materiality
DOLLAR VOLUME/MATERIALITY
RANK: 1 = Low risk to 9 = High risk
AUDIT | Materiality | Total Score | Total Possible Score
Accounts Payable | | 0 | 9
Accounts Receivable | | 0 | 9
Cell C5 - Measure of the volume and/or materiality of the unit.
1. Less than $100,000
3. Less than $500,000
5. Less than $1,000,000
7. Less than $10,000,000
9. Greater than $50,000,000
G. Changes in Procedures/Personnel
CHANGES IN PROCEDURES/PERSONNEL
RANK: 1 = Low risk to 9 = High risk
AUDIT | Training / Experience | Adequacy of Staffing Levels | Segregation of Duties | Total Score | Total Possible Score
Accounts Payable | | | | 0 | 27
Accounts Receivable | | | | 0 | 27
Cell C5 - Training/Experience: Measure of the level of training and related experience given to the employees of the unit.
1 Staff is well-experienced and well-trained with all unit policies and procedures.
4 Staff experience is adequate and training is provided.
7 Staff has a mix of experience and training is only provided if problems arise.
9 Staff is inexperienced and little or no training is provided.
Cell D5 - Adequacy of Staffing Levels: Considers the number of transactions and the number of employees; measure of the adequacy of the staff level of the unit as it relates to the achievement of the unit's objectives.
1 Staffing levels are appropriate to support the volume of transactions.
5 Open positions are causing difficulty in supporting the volume of transactions
9 Staffing levels are not adequate to support the volume of transactions.
Cell E5 - Segregation of Duties: Measure of how exposure has been mitigated by separating duties within critical operations.
1 Segregation of duties provides good error detection and requires collusion to defraud.
4 Responsibilities for certain functions are divided, however, individuals have full control over some transactions.
7 Individuals have full control over certain transactions but their work is subject to periodic review.
9 Individuals have full authority and responsibility for transactions with no or ineffective monitoring controls. I.e. there is no segregation of duties.
H. Results of Prior Audits/Management Interest
PRIOR AUDIT RESULTS/MGT INTEREST
RANK: 1 = Low risk to 9 = High risk
AUDIT | Audit Findings | Follow-up | Total Score | Total Possible Score
Accounts Payable | | | 0 | 18
Accounts Receivable | | | 0 | 18
Cell C5 - Measure of the results of prior audits (based on report classification) and any known weaknesses of the unit.
1. No audit findings.
3. Low risk audit findings only.
5. No audit findings above medium risk.
7. No audit findings above high risk.
9. A high risk audit finding was discovered.
Cell D5 - Measures the commitment of management to address audit issues.
1. No audit findings or all findings were corrected within target completion date.
3. Action taken to address findings is reasonable although some target dates may have been missed.
5. Little action was taken to address findings, however intermediate fixes reduce the level of risk.
7. Procedures were developed to address findings, but were not enforced.
9. No action was taken to address the findings. Circumstances have not changed and the findings still exist.
I. Time Since Last Audit
TIME SINCE LAST AUDIT
RANK: 1 = Low risk to 9 = High risk
AUDIT | Time since Last Audit | Total Score | Total Possible Score
Accounts Payable | | 0 | 9
Accounts Receivable | | 0 | 9
Cell C5 - Measure of the time period (in years) since the last audit was performed on the unit.
1 Less than one year since last audit.
3 One to two years since last audit.
5 Two to three years since last audit.
7 Three to four years since last audit.
9 Greater than four years since last audit or never audited.
J. Opportunities For Improvement
OPPORTUNITIES FOR IMPROVEMENT
RANK: 1 = Low risk to 9 = High risk
AUDIT | Opportunity Identification | Risk Assessment | Management Interest / Request | Total Score | Total Possible Score
Accounts Payable | | | | 0 | 27
Accounts Receivable | | | | 0 | 27
Cell C5 - Opportunity Identification: The unit keeps abreast of current practices and benchmarks against other units.
1. The unit has a formal documented process for identifying opportunities, has strong measures, utilizes a problem solving model and bu corrective action into its operating plan.
5. The unit has some processes for identifying opportunities, and may have some measures, may use a problem solving model and doe always follow-up on taking corrective action.
9. The unit does not look for improvement opportunities, has no or ineffective measures, and is satisfied with status quo.
Cell D5 - Risk Assessment: A risk assessment process is used to develop an annual operating plan.
1. The unit has a documented formal risk assessment process in place that allows recognition and assessment of changes to its risk pro The process allows the unit to make informed decisions about accepting, transferring, avoiding or reducing the risk to an acceptable leve unit is proactive.
4. The unit uses a formal risk assessment occasionally or when new risks are identified.
7. The unit inconsistently uses an informal and incomplete risk assessment process and is reactive to changes to its risk profile.
9. The unit does not have a risk assessment process and is reactive using ad hoc problem solving. "Fights fires"
Cell E5 - Management Interest/Request: Measures the level of interest expressed by Management to have Internal Audit review or audit the activ
1 No management interest.
3 Interest by management expressed through casual conversation.
5 Interest by direct management expressed as a concern.
7 Interest by multiple managers or a senior manager.
9 Request or interest by a stratum 4 or above manager.
Available productive hours
Category | Total | 1 | 2 | 3 | 4
Regular hours | | 2080 | 2080 | 800 |
Vacation | | 80 | 120 | |
Holidays | | 80 | 80 | |
Sick | | 40 | 40 | |
Training | | 80 | 80 | |
Travel | | | | |
Administrative | | 104 | 250 | |
Audit Follow-up | | 50 | 50 | |
Misc | | 50 | 50 | |
Special Audit Projects | | 200 | 200 | |
Management Request | | 100 | 150 | |
Net Hours Available | | 1296 | 1060 | 800 | 0
Combined Net Hours Available 3156