Introduction to Risk and Control Matrices for Internal Audit/SOX/Assurance

Why Should You Attend:

Process risk analysis can be used for SOX Compliance or internal Audit projects. However, it is also very useful in ensuring that risks are properly mitigated and in determining the key controls in your business process to allow active board and senior management oversight. If not planned in advance, the whole process can grind to a halt while forward thinking companies have already taken those eventualities into account. This session will consider the steps that need to be taken in developing an effective risk and control matrix that can be used within a business either as a SOX compliance or audit tool or more widely as a valuable management oversight assist.

This webinar will discuss the types of risks, risk analysis methods and the role of management in risk identification and control. It will highlight the documentation requirements specific to risk and control matrices. This session will help attendees in establishing a risk analysis and management process within their organization in order to meet SOX compliance, as well as internal and external audit requirements.

Areas Covered in the Seminar:

Following topics will be covered in this webinar:

• Types of risk
• Risk and control identification- the role of management.
• Process risk analysis.
• Template for a risk and control matrix.
• Risks of material misstatement and fraud.
• Documentation requirements specific to Risk and Control Matrices.

Who Will Benefit:

This risk analysis training will be beneficial to the following personnel in any regulated company:

• Financial Officers
• Board Members
• Internal Auditors
• External Auditors
• Audit Committee Members
• Operational Risk Managers
• Departmental Managers
• Financial Managers

Instructor Profile:

Paul Gostelow, is an experienced Financial Manager with a proven track record of success within manufacturing, B2B, IT, telecommunications, entertainment, commercial and not for profit market sectors. He has a Legal Degree from the University of Birmingham, UK and is a qualified Chartered Accountant and a member of the Association of Certified Fraud Examiners. He worked for many years for members of the “Big Four”, mainly in Eastern Europe and Italy. Since 2004 he has run his own consultancy practice specializing in:

• Interim financial management
• Implementation of s302 and s404 Sarbanes-Oxley compliance in Europe for quoted Companies
• Internal audit projects
• Fraud risk assessments and remediation

Topic Background:

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes Oxley Act. It is used to determine the scope and required evidence to support management's testing of its internal controls under SOX404. It is also used by the external auditor to issue a formal opinion on the company's internal controls. It involves applying specific risk factors to determine the scope and evidence required in the assessment of internal control. At each step, qualitative or quantitative risk factors are used to focus the scope of the SOX404 assessment effort and determine the evidence required. The use of risk and control matrices is central to this whole process. Internal auditors can also use the risk and control matrix as a valuable tool when approaching an internal audit project to focus scarce audit resources on the key areas within a process.

Perhaps more controversially, management can use a similar matrix to assess the risks facing a business and what it is doing to reduce those risks. Process risk analysis is therefore not just for financial risks but also wider operational risks.

Follow us :