The process of identifying, measuring, and analyzing risks relevant to a program or process.
What is risk assessment?
Type of operational risk which may refer to failure to meet external requirements.
What is compliance risk?
a widely used and highly effective tool to record and analyze the objectives, risks, and controls in the program or process that is being audited as defined in the scope definition.
What is risk matrix?
Organizational hazard which may include loss of connectivity and corrupted data.
Technological hazard.
A step in risk assessment which may be subjective or objective, driven by facts or not.
What is measurement of risk.
Type of operational risk which may include delivering ordered goods or services past the promised date.
What is capacity risk.
Approach to identifying relevant events wherein different scenarios or alternative ways of achieving objectives and determine how forces interact are created.
What is scenario-based approach?
a technique used by internal auditors to involve management and employees in evaluating the effectiveness of internal controls and risk management processes within their own areas of responsibility.
Control Self Assessment
What are the two dimensions of risk assessment
Likelihood and impact.
Type of operational risk which may include manufacturing lines being unable to keep pace with sales growth.
What is strategic risk.
One limitation in risk identification due to the accounting background of internal auditors.
What is bias?
The impact of these hazards and how to reduce them is the next aspect of the risk assessment process. This is referred to as _______.
Mitigation.
the “degree to which people, property, resources, systems, and cultural, economic, environmental, and social activity is susceptible to harm, degradation, or destruction on being exposed to a hostile agent or factor.
What is "vulnerability"/ What are "vulnerabilities"
Type of operational risk which may include inability to secure needed resources.
Approach to identifying relevant events that may hinder the ability of the organization to achieve its objectives partially or completely.
Objectives-based approach
Key to success in risk management. It is as important as risk mitigation.
Organizational Resilience.
Four basic components of risk matrix.
Objectives, risks, control and audit steps or procedures.
Type of operational risk which may include knowledge drain due to employee turnover.
What is strategic risk.
Considerations to be made during risk identification which may include evaluating or assessing equipment, people and policies.
What are internal constraints?
Value gap