Summary
Risk Assessment and Control Verification activities are critical for management to ensure that the organization achieves its objectives. These activities require executive management sponsorship, a structured framework, workflow-based systems, and business intelligence tools.
Most organizations perform a risk assessment at least once a year to evaluate enterprise risks from many different perspectives, such as strategic risk, operational risk, compliance risk, IT risk, and fraud. Management also checks and verifies the controls that mitigate the risks to a level acceptable to the organization. In organizations subject to the Sarbanes-Oxley law, management is required to assess and certify every quarter, as the financial results are disclosed publicly, that the internal controls over financial statements are designed and operating effectively.
Generally, the internal controls management function is managed through a Program Management Office established by the Chief Financial Officer...