presented by pam lebold, cpa director, not-for-profit services
TRANSCRIPT
Presented by Pam Lebold, CPADirector, Not-for-Profit Services
Implemented in 2007 Auditors can longer default to max control
risk◦ Must gain an understanding of relevant controls◦ Which controls are important? Those that
mitigate risks that may affect the financial statements
Many “canned” programs to assist auditors in this endeavor
“Obtain a sufficient knowledge of the entity’s risk assessment process to understand how management identifies business risks that may affect the financial statements…and determine how to address those risks”
Auditor should determine whether:◦ Management has established practices for the
identification of risks affecting the entity.◦ Management considers the entire organization as
well as its extended relationships in its risk assessment process.
◦ Management evaluates and mitigates risk appropriately.
One more item on your “to-do” list
Benefits – do they outweigh the costs?
What are your organizational risks? Things to consider:
◦ Financial risk◦ Compliance/legal risk◦ Operational risk◦ Reputational risk
Where to start?
START WITH YOU!!(who else??)
Many different approaches One possible approach:
◦ Consider the “owner” of this process◦ Determine who else should be involved◦ Consider who can be involved on an “as needed”
basis◦ Definitely consider involvement of general
counsel
Have each department head identify “what could go wrong”
OR
“What keeps you up at night?”
Summarize information on a template:◦ Issue(s)◦ Date presented◦ Dept/Responsible person◦ Impact/Severity (high/mod/low)◦ Probability of Occurrence (high/mod/low)◦ Mitigation measures implemented (should explain
the rating above)◦ Overall current risk rating
By creating this template you can see which items are higher risk than others
Other things to consider:◦ Perceptions (what’s high risk to some may not be
high risk to the entire organization)◦ Cost benefit (could consider adding cost of
impact)
Once you have templates from the appropriate departments, then what do you do?◦ Depends on who was the “owner” in the first
place◦ Decision needs to be made to rank the items by
importance, then assign “homework”
Templates are useful to keep track of “wins”
If you are the owner, suggest a few early “wins”
Templates are also useful to keep track of who didn’t perform necessary tasks
Hot spots:◦ Grants management◦ IT◦ Construction◦ Student affairs/services◦ And of course, don’t forget finance!