⚠
Risk
→ The effects of uncertainty on objectives
→ If the uncertain event occurs, it will have a positive or negative effect (threat/hazard).
→ Determine what might happen that would cause a potential lost
→ A problem is a 100% certain condition that exists now. A risk is an uncertain event that might happen and
would threaten the ability to achieve the companies objectives.
You must NOT quote a PROBLEM if they ASK FOR A RISK!
Risk Identification: Identify Assets → identify Threats → Identify Existing Controls → Identify Vulnerabilities →
Identify Consequences
Risk Appetite
What is the organisation’s current level of risk and how much risk can they tolerate. What is the current attitude
towards risk - sometimes taking risks is necessary in order for a company to grow.
Prioritise Risk
Companies use a heat map to try and measure the likelihood of potential risk and ranks each possible risk
according to the impact or effect the risk might have on the organisation (eg minor risk to major risk to extreme
risk). The heat map can also measure the likelihood of opportunities and ranks these from likely to possible and
rare.
5 BP Risk Strategies
1. Exploit:
2. Avoid:
3. Accept:
4. Transfer: Shifting the consequences
5. Mitigate: reduce probability of ocurrence through controls.
Internal Controls Assure Objectives (NB)
→ Effected by an entities board or personnel
To ensure you achieve your objectives, ensure you have:
1. Effective + efficient operations
2. Reliable financial reporting
3. Comply with applicable laws & regulations
Risk 1
, Controls: Mitigate Risks to Achieve Objectives
→ When looking at a BP, what are the main objectives?
→ Risks prefevnt this objective from being achieved
→ Put in a control to decrease the chance of this risk happening.
What is compliance?
When BPs, operations & practice are in accordance with a prescribed and/or agreed set of norms.
When processes meet internal and external requirements
Internal: Guidelines & policies, alignment to strategic goals, effective & efficient use of resources.
External: business partner contracts, legislation, standard codes of practice.
→ Controls ensure compliance!
The cost of non-compliance
A company has to balance costs of ensuring compliance against costs of non-compliance.
Non compliance can be costly and damaging to an organisation - puts their objectives at risk: penalties, fines,
prison, loss of licences, lawsuits etc
Global Approach to Compliance
South Africa is trying to improve compliance in line with global regulations to avoid another financial crises. This
means new regulations and laws have been passed both locally and internationally. Failure to comply with this
laws can put your business at risk both legally and from a reputational perspective.
5 Steps to Achieve BP compliance:
External:
1. Identify compliance source (law/ act) & compliance requirements = defined control objectives
2. Assess compliance risks (ie data entry errors) to satisfy compliance requirements and ensure
continuity of business operations.
3. To mitigate these risks: ensure compliance requirements & control objectives are satisfied define controls
4. Embed internal controls (3 points under Internal Controls Assure Objectives) into applications &
processes
5. Monitor controls
Risk Identification
→ Go one task at a time
Classifying BP Controls
Risk 2
Risk
→ The effects of uncertainty on objectives
→ If the uncertain event occurs, it will have a positive or negative effect (threat/hazard).
→ Determine what might happen that would cause a potential lost
→ A problem is a 100% certain condition that exists now. A risk is an uncertain event that might happen and
would threaten the ability to achieve the companies objectives.
You must NOT quote a PROBLEM if they ASK FOR A RISK!
Risk Identification: Identify Assets → identify Threats → Identify Existing Controls → Identify Vulnerabilities →
Identify Consequences
Risk Appetite
What is the organisation’s current level of risk and how much risk can they tolerate. What is the current attitude
towards risk - sometimes taking risks is necessary in order for a company to grow.
Prioritise Risk
Companies use a heat map to try and measure the likelihood of potential risk and ranks each possible risk
according to the impact or effect the risk might have on the organisation (eg minor risk to major risk to extreme
risk). The heat map can also measure the likelihood of opportunities and ranks these from likely to possible and
rare.
5 BP Risk Strategies
1. Exploit:
2. Avoid:
3. Accept:
4. Transfer: Shifting the consequences
5. Mitigate: reduce probability of ocurrence through controls.
Internal Controls Assure Objectives (NB)
→ Effected by an entities board or personnel
To ensure you achieve your objectives, ensure you have:
1. Effective + efficient operations
2. Reliable financial reporting
3. Comply with applicable laws & regulations
Risk 1
, Controls: Mitigate Risks to Achieve Objectives
→ When looking at a BP, what are the main objectives?
→ Risks prefevnt this objective from being achieved
→ Put in a control to decrease the chance of this risk happening.
What is compliance?
When BPs, operations & practice are in accordance with a prescribed and/or agreed set of norms.
When processes meet internal and external requirements
Internal: Guidelines & policies, alignment to strategic goals, effective & efficient use of resources.
External: business partner contracts, legislation, standard codes of practice.
→ Controls ensure compliance!
The cost of non-compliance
A company has to balance costs of ensuring compliance against costs of non-compliance.
Non compliance can be costly and damaging to an organisation - puts their objectives at risk: penalties, fines,
prison, loss of licences, lawsuits etc
Global Approach to Compliance
South Africa is trying to improve compliance in line with global regulations to avoid another financial crises. This
means new regulations and laws have been passed both locally and internationally. Failure to comply with this
laws can put your business at risk both legally and from a reputational perspective.
5 Steps to Achieve BP compliance:
External:
1. Identify compliance source (law/ act) & compliance requirements = defined control objectives
2. Assess compliance risks (ie data entry errors) to satisfy compliance requirements and ensure
continuity of business operations.
3. To mitigate these risks: ensure compliance requirements & control objectives are satisfied define controls
4. Embed internal controls (3 points under Internal Controls Assure Objectives) into applications &
processes
5. Monitor controls
Risk Identification
→ Go one task at a time
Classifying BP Controls
Risk 2
