Risk Assessment Terminology  
Risk Self-Assessment
The definition and measurement of the risk associated with achievement of specific objectives by the employees and managers who are responsible for the achievement of those objectives.
 
Mission Statement
Organization's vision statement (where are we going?).
 
Goals and Objectives
Specific milestones to realization of the mission statement.
 
Activities
What we do to ensure achievement of goals and objectives.
 
Processes
The systems within which all work takes place.
 
Risks
Anything that can prevent the achievement of goals and objectives.
 
 
Impact of Risk
Effect on achievement of goals and objectives when the risk happens.
High Impact
If the risk happens, we will probably not achieve our objective, or to do so will require major damage control ("show stopper").
 
Medium Impact
If the risk happens, we will have to do extra work or we will be inefficient, but we can still achieve our goal or objective.
 
Low Impact
If the risk happens, we will be aware of it, but it will have little or no effect upon operations or the achievement of the objective.
 
 
Probability of Risk
Likelihood of the risk happening.
High Probability
It will happen often.
Medium Probability
It is likely to happen, but not often.
Low Probability
It is unlikely to happen at all.
 
 
Mitigation Strategy
How are you going to manage a risk?
Accept
Do nothing to manage risk.
Avoid
Do not do the activity that generates the risk.
Control
Establish policies and procedures to manage the risk.
Manage the Risk
Do something to lower the probability to an acceptable level.
Transfer
Let someone outside the organization do the control.
 
Monitoring Plan
The set of execution (level 1), supervisory (level 2), and oversight (level 3) controls that must operate to provide ongoing assurance that a specific risk is being managed as planned.
Execution controls (level 1)
Policies and procedures applied by employees or systems to every transaction or event.
Supervisory controls (level 2)
Policies and procedures applied by supervisors or representatives of supervisors to ensure employees are properly performing and documenting the execution (level 1) controls.
Oversight controls (level 3)
Policies and procedures applied by middle and upper management or their representatives to ensure that supervisory (level 2) controls are being properly performed and documented.
 
Other terms:
 
Assurance Continuum
The levels of assurance that can be provided about the proper management of the risks.
Certification
The written and signed representation from any manager that the risk management strategies applicable to that manager have been properly executed and documented.
Collaborative Assurance
The partnership of management and internal audit to provide the governance function with some level of assurance about all the risks.
© 2006 Mercer University. All rights reserved.