Eight questions for a holistic risk assessment

By Ken Tysiac

Please note: This item is from our archives and was published in 2012. It is provided for historical reference. The content may be out of date and links may no longer function.

Internal control has emerged from isolation.

In recent years, according to an International Federation of Accountants (IFAC) report, internal control has come to be viewed as an integral part of risk management and governance rather than a separate concept unto itself.

This integration demands that individual risks be assessed holistically rather than in a linear or unconnected way, according to the report, Evaluating and Improving Internal Control in Organizations. The report explains how accountants can ask the right questions to ensure a proper risk assessment that determines the overall effect of uncertainty on an organisation’s goals.

All important business decisions should be made with this comprehensive risk assessment in mind, the report says. To assess risk across an organisation, the report recommends that accountants ask:

  • Are the various departments that deal with a specific risk or have responsibility for associated controls working together?
  • Does the organisation have an accurate and comprehensive understanding of its current risks?
  • Does the organisation understand how various risks might have common causes or mutually reinforcing consequences?
  • Are the organisation’s risks within the limits for risk-taking as determined in its risk-management strategy and policies on internal control?
  • Are risks treated on an individual basis or does the organisation understand the overall effect of uncertainty on its objectives?
  • Does the organisation sufficiently know the effectiveness of its controls and how they could be further improved?
  • How can the organisation be certain it knows the correct answers to the preceding questions?
  • What are the processes for monitoring and evaluating, and are the processes effective?

The role of successful internal control as a driver of prudent business decisions is expanding as organisations take a proactive approach towards risk assessment and its integration into governance.

University of Wisconsin professor emeritus Larry Rittenberg, CPA, Ph.D., CIA, explained during a recent telephone interview that understanding controls themselves and whether they are working is an important step that leads to opportunities for organisations to improve.

Rittenberg is a former chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which has another key internal control document under development. COSO’s Internal Control—Integrated Framework is undergoing an update that was released in an exposure draft in December and is scheduled for a final release in the first quarter of 2013.

Rittenberg said that when he served on the board of directors of one of the world’s largest oil companies, PetroChina, the audit committee and top management carefully examined the company’s controls and processes with the goal of improving them.

“They believed it would lead to more efficiency and effectiveness as well,” Rittenberg said. “I think the whole idea of changing the mind-set [from] just the compliance activity into a proactive approach [is important].”

That idea is reinforced by the IFAC report’s practical guidance. The report describes nine key principles for evaluating and improving internal control:

  • Supporting the organisation’s objectives.
  • Determining roles and responsibilities with respect to internal control.
  • Fostering a culture that motivates members to support risk-management strategies and policies.
  • Linking internal control achievement to individual performance objectives.
  • Ensuring that participants in governance are competent to fulfill internal control responsibilities.
  • Responding to risk.
  • Communicating regularly.
  • Monitoring and evaluating.
  • Providing for transparency and accountability to stakeholders.

An effective internal control system is one of the best defences against business failure and an important driver of business performance, according to the report. And it says accountants play a key role in internal control as creators, enablers, preservers and reporters of sustainable value creation for organisations.

Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine senior editor.
 

Up Next

AI readiness, skills gaps top concerns of finance leaders

By Steph Brown
December 17, 2025
Eighty-eight per cent of finance professionals believe AI will be the most transformative tech trend over the next 12 to 24 months. Yet only 8% feel their organisations are “very well prepared” to manage it, a new AICPA and CIMA survey shows.
Advertisement

Most Read

Balancing projects and daily work: 3 time-saving strategies
How AI is changing the way companies watch workers
3 actions for finance leaders to improve public sector productivity
3 common types of difficult people — and how to work better with them
Compatibility Versions in Excel: What you need to know

LATEST STORIES

Finance and cyber resilience

5 elements of an effective AI prompt

AI readiness, skills gaps top concerns of finance leaders

Expert advice for navigating challenges, changes, self-doubt

Legislation set to lower EU sustainability reporting threshold

Advertisement
Read the latest FM digital edition, exclusively for CIMA members and AICPA members who hold the CGMA designation.
Advertisement

Related Articles

IASB proposes new accounting model to improve risk management

December 3, 2025 The new model aims to enhance how financial institutions manage interest-rate risk.

Transformation-focused companies are outpacing others in AI

November 10, 2025 Organisations using AI to redesign workflows at an enterprise level achieve higher customer satisfaction and profitability than companies fixed on efficiency.