Risk assessment is the component of the entity’s internal control that involves identifying and analyzing risks internally and externally. Risk assessment is relevant to achieving business objectives as well as objectives related to the preparation of reliable financial statements.
This questionnaire template provides a number of COSO elements and the related objectives for entity-level controls. Within the questionnaire, you can document the control's COSO attribute, whether the control exists, whether it was designed properly, related test procedures, management's action plan for deficiencies, and more.
Example control objectives in this tool include:
Management has a business planning process in place that examines existing objectives and establishes new objectives when necessary.
Management establishes business plans and budgets with realistic goals.
Each functional leader, with the assistance of their direct reports, is responsible for identifying specific goals/priorities for their areas of responsibility that will satisfy the company's overall priorities for the year.