Financial Controls and Risk Assessment


Risk assessment is the second component of the Framework of the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. The Framework provides a significant amount of guidance to an organization regarding the risk assessment process. It is also important to note that “management’s risk assessment process” is classified as an entity-level control. (A detailed discussion of entity-level controls is presented later in this chapter.) Consequently, an entity should consult the Framework when conducting its risk assessment. In addition, the organization should ensure that it has an appropriate level of documentation of management’s risk assessment process as evidence of the existence of the necessary entity-level control.

“Risk assessment” is defined as the entity’s identification of relevant risks to achievement of its objectives, forming a basis for determining how risks should be managed.

There are three principles related to risk assessment:

1. Financial reporting objectives

2. Financial reporting risks

3. Fraud risks


According to COSO:

Management specifies financial reporting objectives with sufficient clarity and criteria to enable the identification of risks to reliable financial reporting.[1]

Attributes of this principle include:

  • Financial reporting objectives are in accordance with generally accepted accounting principles.
  • Disclosures include information that ...
