CHAPTER 2
A RISK-BASED APPROACH TO ASSESS INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)
2.1 A RISK-BASED APPROACH TO ASSESSING ICFR
(a) Introduction
2.2 DETERMINE KEY STAKEHOLDERS
2.3 ESTABLISH THE RISK MANAGEMENT CONTEXT
(a) General
(b) Risk Criteria—Big Picture Corporate Level
(c) Risk Criteria—Subsidiary Level
(d) Risk Criteria—Account/Note Disclosure Level
2.4 RISK RATING AND RISK IDENTIFICATION
(a) Risk Rating Assurance Contexts for ICFR
(b) Identifying Risks to Assurance Contexts Selected for Additional Analysis
2.5 ANALYZE AND EVALUATE RISKS
2.6 TREAT/MITIGATE RISKS
(a) Treat Risks Using COSO 1992 Control Criteria
(i) Using COSO 1992 for Control Criteria Centric Assessments
(ii) Using COSO 1992 for Risk-Based ICFR Assessments
(b) Treat Risks Using CARD®model, a COSO-Linked Framework
(c) Treat Risks Using COBIT/ISO 17799/ITIL
(d) Treat Risks Using the OCEG Foundation Framework
2.7 IDENTIFY, ASSESS, AND REPORT ON RESIDUAL RISK STATUS
(a) Types of Residual Risk Status Information
2.8 CONCLUDING REMARKS
NOTES
Note: This guide is a condensed version of a more comprehensive Institute of Management Accountants (IMA) discussion paper titled "A Global Perspective on Assessing Internal Control over Financial Reporting" circulated for comment globally and filed with the SEC in September 2006. The full text can be found at www.imanet.org/pdf/IMAmanagementguidancetoSEC906.pdf.
2.1 A RISK-BASED APPROACH TO ASSESSING ICFR
Get Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
