(Impact of the risk)
Cash was stolen from a retail store’s register after hours.
What is loss of funds, theft, or financial hit?
Compliance filings are always sent for review, and at least one manager usually glances over them before submission.
What is ineffective?
Examine a sample of employee files for evidence of completed annual policy training.
What is substantive testing?
Vendor compliance certificates are occasionally missing, but the majority are collected and logged.
What is a medium-risk finding?
Which planet has the shortest day in our solar system?
What is Jupiter?
Sensitive customer data emailed unencrypted.
What are data breaches, privacy violations, fines, etc.?
Managers regularly remind employees to complete annual compliance training, and a centralized log helps track engagement.
What is effective?
Trace a sample of vendor compliance certifications to validate their authenticity and date.
What is substantive testing?
Sensitive customer information found on unsecured, shared drives.
What is a high-risk finding?
The Mona Lisa hangs in which world-famous museum?
What is the Louvre (Paris)?
Employees manipulated overtime records for higher pay.
What are payroll inflation, reputational risk, and wasted resources?
Staff are promptly told about new policy updates in weekly meetings, and attending staff generally hear about key changes.
What is ineffective?
Observe whether approvals are documented for all exceptions to standard regulatory procedures.
What is a test of control?
One training session was scheduled late; staff still completed within the acceptable window.
What is a low-risk finding?
Which province is the only officially bilingual province in Canada?
What is New Brunswick?