Entity-Wide Risk Assessment

Our View of Risk

Organizations typically fail to meet goals, incur losses or make substantial misjudgments for three main reasons:

  • Unseen Risk – failure to foresee emerging risks; e.g. blindsided by the unanticipated;
  • Known Risk – not properly managing known risk; e.g. unintended consequences; or
  • Control Failure – reliance on inadequate controls which fail to mitigate the risk as expected.

We are not referring to “Black Swan” events, which include the most unlikely occurrences and which are arguably highly unpredictable. However, we do consider risks in the ordinary course of business that most organizations face.

Cherry Bekaert’s entity-wide risk assessment service is designed to help management clearly identify and evaluate risk at the entity-level. We use industry-leading risk assessment models that are populated by benchmarking against industry standard risk factors and strategic risk and control self-assessment workshops, which help to identify, evaluate and assess potential areas of risk to the entity.

Benefits of Risk Assessments

A risk assessment helps mitigate the potential loss due to error, fraud, inefficiency, failure to comply with statutory requirements and actions that may have a negative effect on an organization. If your organization has ever asked these questions, a risk assessment may be right for you:

  • How do we identify and get out in front of emerging risk?
  • Have we adequately considered down-side risk to our business objectives?
  • What could go wrong?
  • Where is the greatest risk that something will go wrong?
  • If something goes wrong, what is the impact?
  • How often could it happen?
  • How can the risk be mitigated?

The Systematic Risk Assessment Process Defined

A systematic risk assessment is a process used to identify risk and potential audit areas based on specific risk factors related to a client’s operations and internal controls in order to provide assurance that risk tolerance is within management’s expectations. The process involves the creation of a Risk Management Team (RMT) comprised of client and consultant staff. A risk assessment model is used to rank and prioritize potential audit areas through a series of surveys, questionnaires and strategic interviews, as well as the combined judgment and expertise of your risk management team. The result is an audit plan that provides a tool for assigning available audit personnel to the highest areas of risk, defining an audit population and prioritizing the audits conducted. The audit plan may consist of the following types of audits:

  • Financial, Operational and/or Compliance Audits
  • Information Technology Audits
  • Internal Control Reviews
  • Internal Reviews (where fraud is suspected)
  • Fraud Examinations
  • Special Projects

Our Approach and Methodology

Cherry Bekaert incorporates an interactive approach to documenting and assessing an organization’s exposure to fraud, waste and unauthorized activities. We utilize two different methodologies: Industry-Specific Risks and Enterprise-Wide Risks, which ensures that Cherry Bekaert will tailor the risk assessment to your organization’s needs.