ASSESS BEFORE THE AUDIT
Many organizations find themselves at odds with the findings of their auditors about the organization’s risk mitigation policies and procedures. The conflict likely arises because the auditor requires adherence to standards and guidelines that are not cost-effective for the organization to implement. It’s not necessarily that the risk does not exist, but the risk must be analyzed on the basis of frequency and impact, not solely on the basis of the risk’s nature. Both parties will agree that the risk exists, but they will differ, often widely, on the likelihood of the risk occurring and the impact of the risk to the organization, and thus on the organization’s financial commitment to reduce the risk. Bad blood between both parties is a likely result, but it shouldn’t have to be this way.
The solution to this “SarBox Struggle” is that the organization should perform a thorough assessment before the audit takes place. This is, in fact, one of the requirements of Sarbanes-Oxley compliance as per the COSO framework: the continual monitoring and assessment of controls and policies to ensure they are effective and relevant. However, if your organization is not performing regular assessments, you’re more than likely to be hit with an unacceptable audit review and requirements for the implementation of tough standards and strict policies to address perceived risks.
As part of the assessment by the organization, the justification for the levels of risk management should be documented before the audit. The organization must show the balance between the risk (should it occur) and the cost to reduce the risk. Having shown its own due diligence in performing the risk assessment, the organization will likely be in a better position to negotiate with the auditor what is and is not acceptable risk mitigation.
Risk $ versus Reduction $
An assessment of risks should be made routinely and before the audit, and include:
– Damage Control
Guest Author: Norman Katz
Copyright © Katzscan, Inc. – Source: Supply Chain Fraud White Paper
Telephone: 954-942-4141 · www.katzscan.com · Since January 1996 · www.supplychainfraud.com