Page 109 - Rižnar, Igor, and Klemen Kavčič (ed.). 2017. Connecting Higher Education Institutions with Small and Medium-Sized Enterprises. Koper: University of Primorska Press
Internal Audit in the Financing of Companies

Events that have a negative impact are risks the management must
respond to with appropriate evaluation and the introduction of
activities for their control. Events that primarily have a positive impact
are opportunities that the management must re-consider in the process of
goal setting (Committee of Sponsoring Organizations of the Treadway
Commission 2004, 49). Events vary from the almost incredible to the
regular, their impact from significant to insignificant. The events are
affected by external and internal factors, such as (Committee of
Sponsoring Organizations of the Treadway Commission 2004, 43): economy
(price growth), natural environment (natural disasters), policy (changes
in laws), social (demographic changes), technology (increasing
influence of e-commerce), infrastructure (lack of equipment compared with
the resultant demand), employees (accidents at work), processes (delay
in delivery) and technology (inadequate technology for increased
production volumes).

Risk Assessment
‘Risks are analysed in terms of likelihood and impact, as a basis for
determining how they should be managed’ (Committee of Sponsoring
Organizations of the Treadway Commission 2004, 4). As the legal and
business conditions constantly change, a permanent risk assessment must
become an iterative process (Sawyer, Dittenhofer, and Scheiner 2003,
66).

Risks are assessed on an inherent and residual basis (Committee
of Sponsoring Organizations of the Treadway Commission 2004, 47).
Inherent risk is the risk to an organisation, unit, event and so on
in the absence of any management action that would reduce either the
likelihood of its occurrence or its impact. Once the management adopts
risk minimisation activities, we can talk about remaining (residual)
risks (Committee of Sponsoring Organizations of the Treadway
Commission 2004, 49).

In addition, we present the four main steps of risk assessment in the
organisation (Internal Control Standards Committee 2004, 19–23):

• First, we have to identify the risks to the organisation. The
identification of risk based on the core purpose of the organisation, which
should be considered and evaluated, results in a smaller number
of key risks. The organisation is exposed to risks due to internal
and external factors that are reflected at the organisational level,
as well as the level of activities. It is important that the detection
