More Effective and Efficient Risk Assessment Process

We enjoyed great turnout and great questions from those who attended our recent CPE event walking through the automation of Risk Assessment. Special thanks to our guest presenter, Leslie Tamayo, who testified to the effectiveness of the process as well as the value of policyIQ to make the assessment even more efficient.

The greatest challenge in presenting this topic was trying to fit 20 pounds of material into a 5 pound sack! There’s a lot of great information for this topic. Let’s re-cap and look at some of what we could not share during our time together.

The Risk Assessment Process

Use the AS5, top-down, risk-based approach to help you focus on what truly matters. Identify risks underlying relevant financial statement assertions. Then perform a thorough analysis to determine which controls really matter and, therefore, which tests are necessary.


Bring automation to your process using policyIQ

You can capture your Risk Assessment in policyIQ. We created a “K” Template in policyIQ to represent the 10K Line Item Risks. By creating a Template for our 10K Line Item Risks, rather than having a Drop Down field or representing each line item within a Folder structure, we are able to illustrate the relationship between each line item to relevant business processes and to locations more easily. This is also the best way to demonstrate the relationship between each line item risk and the relative controls for your control rationalization process.

By indexing the line item risks to the appropriate Folders in policyIQ, we “mapped” them to relevant Business Processes (and you could map them to relevant location folders, too).

A very important step is to link 10K Risks to Control Activities in policyIQ. You may also wish to break down your Financial Statement Assertion field on your Control Template—instead of having a Multi-Select field, you could capture each assertion as its own field with a Yes/No choice. These two steps make the Detail Link Report simple to create and to view from different perspectives for your Control Rationalization process.


Use policyIQ Reports to see the “big picture” and to create a “dynamic” view of your Control Environment in real time.

    • Create a list of each line item’s rating for various Risk Assessment Factors and to calculate the risk
    • Validate your assessment of which Business Processes are significant by listing your 10K Line Item Risks with related Business Process Folders
    • Review complete lists of your Business Process Risks and your Control Activities
    • Add Financial Statement Assertions to your Controls list so that you can verify that each Control addressing an assertion is, indeed, identified as a Key Control (later, in your analysis, you may determine that some can be downgraded if they are redundant Controls)
    • Analyze coverage of Financial Statement Assertions by Controls for each of your Financial Statement Line Items

With the automation of the Risk Assessment Process you will spend less time on the manual/mechanical preparation of your assessment and more time on analysis. Create a process that is more effective and more efficient by spending valuable time identifying Gaps, Redundancies and determining which Controls are truly important.


Want more information? Check out these resources:

Our online Help guide walks through the process, provides specific guidance on how to configure your site and how to build the Reports that we presented in our session. You will also notice that the session’s presentation deck and a link to the recording of the session are available in Help. Click here to go directly to the Risk Assessment related Help content. 

What’s preventing you from automating your Risk Assessment process in policyIQ?

Let us help you to get started!

Contact us and we can connect you with experts in your area who can hit the ground running and work with you to perform and document your assessment. They can help you to begin with your 10K Risk Assessment and to work through the full cycle which brings you back to confidence in your internal control environment.

Of course, we also can connect you with policyIQ experts to address your policyIQ implementation questions. We’re waiting and looking forward to hearing from you (, or 1-866-753-1231)!

This entry was posted in Solutions, Training and tagged , by Stephenie Buehrle. Bookmark the permalink.

About Stephenie Buehrle

Stephenie is the “solutions” expert on the policyIQ team. With RGP since 2004, she designs and develops solutions that capitalize on the best practices of the hundreds of companies that she has touched, while tailoring each configuration to meet the unique needs of each client. Before joining RGP and the policyIQ team, Stephenie enjoyed working as an independent consultant in the non-profit sector. Stephenie also previously performed analyst services for a major brewer ranging from roles in biological and chemical services to analytical roles in business process improvement and innovation. Stephenie quips that she still doesn’t know what she wants to be when she grows up, but hopes to spend her days helping others (companies, individuals, and communities) to realize their full potential.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s