The Risk Assessment Procedure prioritizes risks in order to manage them effectively and efficiently. The procedure substantially decreases the opportunity for material weaknesses to go undetected. It pertains to the identification and assessment of risk. (18 pages, 3860 words)

Risk Assessment Responsibilities:

The Risk Manager is responsible for identifying and assessing risk, directing the risk assessment, and reporting the results of the assessment to the Board of Directors.

The Board of Directors is responsible for reviewing and approving the risk assessment prior to development of a Risk Management Plan (see AC1030 RISK MANAGEMENT).

Risk Assessment Definitions:

Hazard – Source of danger; specific situation that may influence the probability and/or extent of loss.

Material – Relatively significant or important in the context of the organization.

Risk – (n.) 1. A function of the likelihood of an event and its consequences (impact); 2. Possibility of loss or injury. (v.) Expose to hazard or danger; incur danger of.

Risk exposure – Numeric value assigned to a risk, allowing comparison of different risks.

Risk matrix – Tool used to illustrate and prioritize risks.

Risk Assessment Procedure Activities

Form a Risk Management Committee
Identify Hazards/ Threats
Identify Threat Impact and Likelihood
Determine Risk Levels
Rank Threats
Risk Assessment Review

Risk Assessment Procedure References

17 CFR 210, “Form and Content of and Requirements for Financial Statements, Securities Act of 1993, Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, Investment Company Act of 1940, Investment Advisers Act of 1940, and Energy Policy and Conservation Act of 1975”
17 CFR 240, “General Rules and Regulations, Securities Exchange Act of 1934”.
17 CFR 241, “Interpretative Release Relating to the Securities Exchange Act of 1934 and General Rules and Regulations Thereunder” (USA),
1996 Amendment to the Capital Accord to Incorporate Market Rises