Page 90 - CA Final PARAM Digital Book.
P. 90
A- New Accounting pronouncements.
Adoption of new accounting principles or changing accounting principles may affect
risks in preparing financial statements.
T- New Technology.
Incorporating new technologies into production processes or information systems
may change the risk associated with internal control.
R-Changes in Regulatory or operating environment. Changes in the regulatory or
operating environment can result in changes in competitive pressures and significantly
different risks. (E.g., Change in NPA Norms, Change in Loan Processing System Etc.)
A-New business models, products, or Activities. Entering into business areas or
transactions with which an entity has little experience may introduce new risks
associated with internal control.
G- Rapid Growth. Significant and rapid expansion of operations can strain controls and
increase the risk of a breakdown in controls.
I- New or revamped Information systems. Significant and rapid changes in
information systems can change the risk relating to internal control.
C- Corporate restructurings. Restructurings may be accompanied by staff reductions and
changes in supervision and segregation of duties that may change the risk associated with
internal control.
Author’s Note
• Shortcut is created in a Logical sequence. Try to remember it in this sequence only
• Shortcut PFA – TRAGIC risk assessment
QNO Enterprise Risk Management Old Course – (N23M)
40.200 TITANIUM CNO-- Unique
ZOB Limited is planning to be listed. The management of company has pulled up its socks and decided to
implement “Enterprise Risk Management Program” for identifying and assessing various risks.
Differentiating scope of such a program from internal control framework, discuss what does “Risk
Assessment Process” is likely to include in such a program. Also identify any two such widely available
ERM frameworks
Answer The scope of an Enterprise Risk Management program is much broader than an internal control framework
and encompasses both internal and external factors that are relevant to business strategy, governance,
business process and transaction and activity level. The focus of an internal control framework is primarily
around financial reporting, operations and compliance risks associated with an account balance, business
process, transaction and activity level, which form a sub-set of the overall enterprise risks.
This Enterprise Risk Management – Integrated Framework expands on internal control providing a more
robust and extensive focus on the broader subject of enterprise risk management. While it is not intended
to and does not replace the internal control framework, but rather incorporates the internal control
framework within it, companies may decide to look to this enterprise risk management framework both to
satisfy their internal control needs and to move toward a fuller risk management process.
One of the most critical components of Enterprise Risk Management is the risk assessment process. The risk
assessment process involves considerations for: -
• Risk identification
• Assessment criteria including qualitative and quantitative factors.
• Definition of key performance and risk indicators;
• Risk appetite
• Risk scores, scales and maps
• Assess risks.
• Use of data & metrics
• Prioritise risk.
www.auditguru.in PARAM 4.7 | P a g e
