Risk assessment is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.
Management considers the suitability of the objectives for the entity and the possible changes in the external environment and within its own business model that may impede its ability to achieve its objectives.
1 Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (Executive Summary, May 2013), pg. 4.
6. Specific objectives with sufficient clarity and assessments of risk
7. The organization identifies and analyzes risk
8. Assess risks for potential fraud
9. Identify and analyze significant change