risk assessment workbook template

8/12/2019 Risk Assessment Workbook TEMPLATE

1/12

Internal A

Risk Level 1 to 3 1 to 3

F/S Risk

Factors Area Review

Mgmt

Concern

Disclosu

and Regu

Conseque

Weight 20% 5%

Information Systems System Implementations 3 1

Legal Department Lit igat ion Management & Accrual 3 3

Finance & Accounting Billing 3 3

Customer Management Customer Technical Support 3 1

Customer Management Call Center Management 3 1Legal Department Tariff Protection 3 3

Finance & Accounting Payroll 1 2

Human Resources Employee Benefits Mgt - Third Party Administration 2 2

Finance & Accounting Treasury - Debt Management (Covenant Compliance ) 2 3

Sales & Marketing Advertising & Promotions 1 1

Information Systems Data Security (Privacy) 2 2

Finance & Accounting Capital Management 3 2

Customer Management Customer Retention 3 1

Finance & Accounting Financial Close & Reporting 1 3

Finance & Accounting Line Cost 1 3

Customer Management Customer Credits/Adjustments 2 3

Information Systems Disaster Recovery/Business Continuity Plans 3 2

Finance & Accounting Revenue Recognition 1 3

Operations Inventory Mgt - CPE/Huntsville WH 2 1

Human Resources Employment Regulations 3 2

Sales & Marketing Contract Sales 3 2

Sales & Marketing Sales Branch Office 2 1

Operations Inventory Mgt. - Network Parts/Anniston W H 2 1

Finance & Accounting Treasury - Cash Management & Banking 2 3

Information Systems Help Desk & User Services 2 1

Sales & Marketing Sales Operations 3 1

Human Resources Recruiting 3 1

Sales & Marketing Customer Premise Equipment (CPE) Sales 1 2

Finance & Accounting Sales Commissions 2 2

Finance & Accounting Fixed Assets 1 2

Finance & Accounting Accounts Receivable 1 3

Information Systems IT Strategy/ Planning 3 1

Information Systems IT Network Administration 3 1

Operations Network Management, Provisioning, Grooming, etc. 3 1

Legal Department Government/Regulatory/Industry Affairs 3 2

Management & Board Mergers & Acquisitions 3 2

Human Resources Compensation 3 1

Finance & Accounting Accounts Payable 1 2

Operations Procurement 1 2

Finance & Accounting External Financial Reporting 1 3

Customer Management Field Support - Trouble Reporting & Tickets 2 1

Operations Network Operations - Switch Management 2 1

Operations Research & Development 2 1Sales & Marketing Product Development 2 1

Sales & Marketing Marketing Management & Plans 2 1


2/12

Internal A

Risk Level 1 to 3 1 to 3

F/S Risk

Factors Area Review

Mgmt

Concern

Disclosu

and Regula

Conseque

Weight 20% 5%

Management & Board Corporate Governance - (Authority/Approval Matrix, Disclosure

Controls, Policy Management) 2 2

Finance & Accounting Credit & Collections 1 2

Management & Board Incentive Compensation Plans 2 2

Information Systems Software Licensing 1 3

Information Systems IT Applications - ADP Enterprise 1 3

Finance & Accounting Treasury - FX/Derivatives 1 1

Finance & Accounting Travel & Entertainment 1 1

Finance & Accounting Budgeting, Forecasting, Strategic Planning 2 1

Management & Board Company Communications 2 1

Operations Engineering 2 1

Information Systems Contract Management - Service Level Agreements 1 2

Operations Safety 1 2

Information Systems Wireless Networks 1 1

Operations Network Operation Center Mgt. 1 1

Operations Energy Cost & Management 1 1

Operations Engineering Systems & Transport 1 1

Legal Department Securities Management & Stock Options Procedures1 3Human Resources Policies 1 2

Human Resources Terminations 1 2

Human Resources Worker Compensation 1 2

Human Resources Employee Relations 1 2

Legal Department Intellectual Property 1 2

Legal Department Contract Management 1 2

Legal Department Reconds Management 1 2

Legal Department Whistle Blower - Hotline 1 2

Management & Board Risk Management (General Liability,Officers & Directors,

Business Interruption) 1 2

Management & Board Risk Management - Workers Compensation 1 2

Management & Board Risk Management - Property Insurance 1 2

Management & Board SOX Program Management 1 2

Management & Board Investor Relations 1 2

Management & Board Governance Agreement 1 2

Operations Real Estate - Lease Management 1 2

Operations Fleet Management 1 2

Finance & Accounting Management Internal Reporting 1 1

Human Resources Employee Benefits Mgt - Enrollments 1 1

Human Resources Employee Performance Feedback 1 1

Human Resources Employee Communications - Feedback, Surveys 1 1

Human Resources Staffing Analysis/Workforce Management 1 1

Human Resources Training & Development 1 1

Human Resources Employee Loans 1 1

Management & Board Charitable Contributions 1 1

Management & Board Political Contributions 1 1Operations Facility Management & Physical Security 1 1

Management & Board Executive Travel & Entertainment 1 1


3/12

11%1%

16%

2%

5%

21%

6%1%

12%

1%

5%

8%

1%3%

9%

% of Total Risks by Risk Focus Areas


4/12

Aud

Sales and Marketing Contact Name Operations Contact Name Finance & Accou

Contract Sales Supply Chain Ops/Purchasing Accounts Payables

Sales Op Review Planning Accounts Receivables

Retail Quality Billings

Wholesale Construction Line Cost

Carrier Supplies, Materials and Services Invoice Auditing

Enterprise Vendor Management (i.e.: competitive

bidding, preferred suppliers)

Processing

Equipment Fleet Management Credit & Collections

Finance Review Lease Management Placement, Write-offs & Pl

Legal Review Testing and Control Credit Management

Engineering Review Network Reliability Collections

Operations Review Provisioning Capital Budgeting & Plan

Product Marketing Regulatory Compliance (i.e.. OSHA) Capital Expenditure Appro

Product Development Inventory Management Records, Depreciation & R

Sales Commissions Accounting and Valuation Non-capital purchases

Storage and Distribution

Call Center Fixed Assets

Network Operations Budgeting and Forecasti

Operator Services Closing the Books

Account Reconciliation

Account Analysis

Accruals

Internal Reporting

External Reporting

Tax Management

Federal Income Tax

State & Local Tax

Tariff Protection

Sales & Use

ResearchTravel and Expense Repo

Treasury


5/12

Audit Universe

Debt/Financial Structure

Cash Management

FX/Derivatives

Banking Relationships


6/12

Risk Categories

Risk Assessment Category Risk Category Definition Weighting

1 Consequences Severity of Consequence from Non-Compliance 5%

2 Prior Audit Prior Audit Findings 5%

3 SOX Findings Prior SOX Findings

4 Mgmt Concern Management Interest & Concern 20%5 Mgmt. Team Management Team 5%

6 Turnover Employee Turnover 25%

7 System Changes Systems Changes 10%

8 Financial Risk Size Revenue /Expense Size in Dollars 25%

9 Time Time Since Last Audit 5%

100%

Scale from 1 to 3 1 2

1

Severity of Consequence from

Non-Compliance

Considers the quantity and complexity

of legislative mandates and guidelines

that govern the audit subject under

review, as well as mandates and

guidelines governing the business unit

as a whole.

This includes:

Regulatory (PUC/FCC)

Financial

Areas where deficiencies would likely produce little or no

recourse from regulatory, legal or governmental agencies.

Areas where deficiencies would likely result in minimal or no

financial statement exposures.

Areas where deficiencies could p

repercussions from regulatory, g

This would include fines or pena

and/or short-term restrictions to

Areas wh

2 Prior Audit Findings

Considers the significance and number

of findings as well as theimplementation of corrective action.

Taken from Audit Project Reports and

SOX Observations.

No significant findings and few findings. There has been full

implementation of all corrective actions.

One or zero significant findings

andThere has been at least 90 perce

actions.

3 Management Interest & Concern

Considers the level of management

interest and/or concern that was

obtained from the Business Risk

Assessment - SOX Management

Questionnaire completed in late 2009.

Management believes this issue warrants little interest or

concern.

Management believes this issue

concern.

4 Management Team

Considers the amount of time that a

management team has been in place for

the area based on Internal Audit

knowledge.

Management has been in place over three years. Management has been in place m

than three years

Page 6 of 12


7/12

Risk Categories

Risk Assessment Category Risk Category Definition Weighting

1 Consequences Severity of Consequence from Non-Compliance 5%

2 Prior Audit Prior Audit Findings 5%

3 SOX Findings Prior SOX Findings

4 Mgmt Concern Management Interest & Concern 20%5 Mgmt. Team Management Team 5%

6 Turnover Employee Turnover 25%

7 System Changes Systems Changes 10%

8 Financial Risk Size Revenue /Expense Size in Dollars 25%

9 Time Time Since Last Audit 5%

100%

Scale from 1 to 3 1 2

5 Turnover

Considers the level of turnover based

actual 2009 data from Human

Resources.

Area employee turnover is great

25 percent.

6 Systems Changes

Considers any significant automated or

manual system changes and/or

upgrades and the number of issues

based on IA's knowledge. This will be

enhanced for the 2009 audit planning

using IT's annual plan.

No significant system changes and/or upgrades and no

outstanding issues.

One significant and/or several sy

and few outstanding issues.

7 Revenue /Expense Size in Dollars

Considers the annual revenues or

expense and volume transactions

initiated or processed through an area

based on actual 2008 and 2009

financial data.

Less than $15 million annual revenue or less than $1 million

expense.

Between $15 million and $50 m

between $1 million and $10 mil

8 Time Since the Last Audit

Considers when the last

financial/operational audit was

performed based on Internal Audit

history.

Less than two years since the last audit. More than two years but less tha

audit.

Page 7 of 12


8/12

AUDIT GRA

REF GradingCategories

Description Min Max Wei

1 Dollar Amount Other things being equal, large dollar amounts, either

flowing through a system or committed to an activity

or project, increase audit interest. As a means of

establishing a common frame of reference, use gross

revenue of the audit customer's entity as the base for

determining relative size.

Relatively Low Relatively High 9

2 Public Disclosure

Implications

Other things being equal, the prospect of significant

adverse notoriety, as a consequence of either acts of

commission or omission, serves to increase audit

interest.

Noncontroversial Highly Controversial 1

3 Internal Control The design and past performance of an internal

control system is important in judging the probability

of errors in the system. Other things being equal,areas with weak internal control are of greater audit

interest.

Strong Weak 7

4 Executive

Management

Interest

Other things being equal, expressed or implied

concern relating to an activity or project by a

responsible member of operating company

management increases audit interest. If there is no

basis for assessing management interest, arbitrarily

assi n a three.

Strong Weak 10

5 Results in Prior

Audit Other things being equal, significant adverse findings

in a prior audit increase audit interest. If there is no

prior experience, arbitrarily assign a three.

No significant

deficiencies

Serious deficiency

findings

8

6 Changes in

Personnel/Procedures

Other things being equal, a dynamic environment in

terms of personnel or procedures increases theprobability of errors and inefficiency occurring, and

consequently increases audit interest.

Static Dynamic 5

7 Complexity of

Activity

Other things being equal, as the operating complexity

of an area increases, information and control systems

tend to become more complex. This complexity

increases both the probability of error and the effort

re uired to monitor the s stem.

Simple Complex 4

8 Time Since Last

Audit

As the time since the last audit lengthens, the value of

a new audit is likely to increase. The beneficial effects

of an audit are greatest immediately before and after

a project.

Recently Audited Never Audited or Not

Recently Audited

6

9 Deviations from

Budget/PlanSignificant unfavorable variances from established

plans increase audit interest in an activity or project.

No significant variances Significant variances 3

10 Character of

Activity

Infrequent or unusual activities or projects are more

likely to result in error or inefficiency and are of

greater audit interest.

Routine and/or frequent Unusual and/or

infrequent

2


9/12

AUDIT GRADING MATRI

REF

Grading

Categories Points Weight Score Points 0 - 3 Points 4 - 6

1Management and

Staff Competence8 0.12 0.97

Lack of understanding of basic

accounting principles. Unqualified

Rudimentary understanding of C

Policies and GAAP. Improveme

required in the area of staff train

2Corporate Policy

Compliance9 0.15 1.36

Significant non compliance of corporate

policies

Non compliance to corporate po

without any compensating contr

place

3 Asset Management 9 0.12 1.09

Control structure exhibits major

weaknesses which could result in

material loss of company assets and/or

misstatement of revenue/expense

Weaknesses in controls could re

loss of assets or misrepresentat

profits / losses. Reliance is plac

mitigating controls

4Prior Audit

Recommendations10 0.10 1.01

Less than 50% implementation 50% to 74% implementation

5 Information Systems 8 0.10 0.81Locally developed and supported

accounting systems are poorly

maintained

Partially or fully implemented Gl

Applications with a high number

issues related to deployment an

6

Procedure and

Process

Documentation7 0.12 0.85

Few to no processes have been

documented. Not familiar or not

compliant to global standard procedures

Global standard procedures are

implemented or consistent with c

standards. No documentation e

7Financial Reporting

Integrity9 0.10 0.91

Financial reports are unreliable and

need immediate attention

Reliability of financial reporting r

improvement. Material or multip

immaterial adjustments are requ

8

Balance Sheet

Accounts Supporting

Detail8 0.12 0.97

Reconciliations or Listing of Account

Details are not performed. Material

adjustments are not properly

documented

Reconciliations or Listing of Acc

Details are not performed on a r

basis for all majoraccounts.

Reconciling items are not cleare

timely basis


10/12

AUDIT GRADING MATRIX

REF

Grading

Categories Points Weight Score Points 0 - 3 Points 4 - 6

9Reporting

Requirements Met9 0.06 0.55

Deadlines (Corporate and Internal) are

not met. Insufficient and/or

unmeaningful information is distributed

Significant reporting requirements a

continuously not met

TOTAL SCORE: 8.52

GRADE: ABOVE AVERAGE

Scale:

Below

Average:Less than 7.00

Average: 7.00 to 8.49

AboveAverage:

8.50 to 10.00

REFERENCE to CFO OBJECTIVES

1 Management identifies high potential individuals and assigns work that will provide a broad depth of experience, as well as benefiting the compan

2 Policies are followed and transactions are executed properly the first time without having to correct transaction mistakes.

3 Management actively seeks, identifies, and executes ways to reduce local capital, while maintaining high levels of customer service. Specific go

4 A focused effort exists to implement prior audit recommendations to improve the organizational financial integrity, process/policy compliance and

5 Aggressively working towards global system solutions with low levels of customization through process modification and government communica

6 Implementation of standard global processes including the quotation to collection cycle. Associates routinely spend time analyzing results and fo

7 Seek ways to improve the integrity of financial results, and enhance the forecasting process with more disciplined ties to the funnel.

8 Completed reconciliations that are useful tools to conduct true analysis of business issues.

9 Actively seeking ways to reduce the time necessary to close the books. Seek ways to evaluate the profitability of individual customers and order


11/12

Risk Factors(from 200x Form 10-K)

Risk Factor # Risk Factor Description Audit Area from Universe

1

2

3

4

5

6

7

8

9

10

11

12

13

Page 11 of 12


12/12

Risk Factors(from 200x Form 10-K)

Risk Factor # Risk Factor Description Audit Area from Universe

14

15

16

17

18

19

20

21

22

Page 12 of 12

risk assessment workbook template

Documents