Internal control has come to be viewed as an important component of governance, and as such, evaluating a business’ risks should be viewed in an all-inclusive manner.  The following is a list of questions that are recommended to be asked in a comprehensive risk assessment of an organization:

  •  Are all of the departments that deal with a specific risk or have responsibility for associated controls working together?
  • Does the organization have an accurate and comprehensive understanding of its current risks?
  • Does the organization understand how various risks might have common causes?
  • Are the organization’s risks within the limits for risk taking as determined in its risk management strategy and policies on internal control?
  • Are risks treated on an individual basis or does the organization understand the overall effect of uncertainty on its objectives?
  • Does the organization sufficiently know the effectiveness of its controls and how they could be further improved?

To learn more about this report, please visit the following article from the Journal of Accountancy:

To learn more about the services we offer regarding internal controls, please visit our website:

Similar Posts