B. Risk Assessments

Management should identify internal and external risks that may prevent the organization from meeting its objectives.  When identifying risks, management should take into account relevant interactions within the organization as well as outside the organization.  Management should also consider previous findings; e.g., auditor identified, internal management reviews, or noncompliance with laws and regulations when identifying risks.  Identified risks should then be analyzed for their potential effect or impact on the organization.

Return to Internal Controls