1 Source: www.knowledgeleader.

com
Risk Assessment Instructions
Purpose
This risk assessment tool is designed to help identify and document our critical business processes and the internal controls within
each process. It will help to rank and prioritize processes. Combined with facilitated management meetings, this approach will help us
gain company-wide consensus by including key process owners throughout corporate processes.
Objective
We would like to solicit your feedback to identify and prioritize those processes critical to our business. To do so, we would like to ask
you (along with several other management team members) to identify what you feel are the 15 most critical processes to our business
and rank them against a pre-defined criteria (see below). Your lists will be combined with your peers to create a company-wide list and
ranking for discussion purposes. Within the next two weeks, the Internal Audit Group will facilitate a group meeting to review and
discuss the results and gain consensus on a final process list and ranking. Over the coming months, the Internal Audit Group will
document the processes and controls for each critical process along with opportunities for control enhancements.

Process Universe
The following page contains a list of the primary business processes of our company. This list will serve as a basis for you to select
your 15 critical processes. You are welcome to list any additional processes that you do not find on this list. A blank page is provided
with a sample list to help you begin.

Risk Maps
To rank your critical processes, we would like you to rank each by 1) Importance to Business/Financial Performance, and 2) Likelihood
of Process/Control Weakness and document your results in a Risk Map. A sample Risk Map and ranking are included along with a
blank risk map for your use.

Action Items (Estimated completion time =30 minutes)
1. Please identify the 15 most critical processes to the business.
2. Please plot each process in the risk map as per the instructions above.
3. Please deliver or email your completed results to [Internal Audit/Risk Control Group/Finance] by date:_______________

For further information or assistance, please contact __________________________
Thank you
EXECUTIVE SPONSOR NAME, TITLE
2 Source: www.knowledgeleader.com
Process Universe
The following is a sample list of the primary business processes that should be identified for prioritizing risk throughout the
organization. (This list can be customized for different business lines and industries.)
Contract Sales
Sales Ops Review
Finance Review
Legal Review
Engineering Review
Operations Review
Ad-hoc Sales
Product Marketing
Product Development
Sales Commissions
Inventory Management
Sales & Marketing
Procurement
Manufacturing Quality
Vendor Management (i.e,
competitive bidding, preferred
suppliers)
Testing & Control
Health Assessments
Regulatory Compliance (i.e.,
OSHA)
Manufacturing
Accounts Payable
Accounts Receivable/Billing
Capital Exp Approval
Non-Capital Purchasing
Fixed Assets
Budgeting & Forecasting
Closing the Books/Accounting
Account Reconciliation
Account Analysis
Accruals
Internal Reporting
External Reporting
Tax
Travel & Expense Reporting
Treasury
Debt/Financial Structure
Cash Management
FX/Derivatives/Hedging
Banking Relationships
Insurance
Credit & Collections
Payroll
Finance & Accounting
Technical Support
Problem Resolution & Tracking
Customer Service
Customer Management
Hiring
Non-Standard Employee
Agreements
Employee Benefits Management
Termination
Staffing Analysis (i.e., Manpower
Levels)
Compensation Review
Workers Compensation Mgmt/
Claims Processing
Employee Annual Review
Training & Development
Employee Communication
Feedback
Survey
Employee Loans
Human Resources
IT Strategy/Planning
Systems Implementation &
Integration
Project Management
Software Selection
Software Development
IT Systems Maintenance
Financial (JDE, ADP, CID,
RMS)
HR (JDE HR)
CRM
Business (Paskey, IMS, Web,
Paspro)
Network Administration
Security/Privacy
Business Continuity Planning
Disaster Recovery Planning
Information/Records
Management
Help Desk
Information Systems
Board/Committee Meetings
Executive/Management Team
Meetings
Corporate Governance
Authority/Approval Matrix
Disclosure Controls
Documentation Process
Management & Board
Contract Approval
Litigation Management
Intellectual Property
Whistle Blower
Legal
Third-Party
Alliances/Partnerships
Mergers & Acquisitions
Corporate Development
Facilities Management
Physical Security
Physical Records Management
Corporate Communications
Investor Relations
Public Relations
Receiving
Distribution/Logistics
Telecommunications
Network Management
Infrastructure & Other
3 Source: www.knowledgeleader.com
Sample List & Risk Map
The following list contains a sample of 15 critical processes and a ranking of each process by Importance to Business/Financial
Performance and Likelihood of a Process/Control Weakness.
1
2
4
5
6
3
7
8
9
10
11
12
13
14
15
No. 15 Critical Processes
1 Contract Sales
2 Procurement
3 Accounts Receivable
4 Credit & Collections
5 Service Order Processing
6 Health Assessments
7 Fixed Assets
8 Inventory Management
9 Cash Management/Hedging
10 Regulatory Compliance
11 Facilities Management
12 Distribution/Logistics
13 Network Security/Privacy
14 Insurance/Risk Management
15 Corporate Governance
M
e
d
i
u
m

H
i
g
h

I
m
p
o
r
t
a
n
c
e

t
o

B
u
s
i
n
e
s
s

/

F
i
n
a
n
c
i
a
l

P
e
r
f
o
r
m
a
n
c
e

Prepared By: Title: Date:
Likelihood of Process/Control Weakness

HIGH Medium High
4 Source: www.knowledgeleader.com
Risk Map
Please list what you feel are the15 most critical processes and a ranking of each process by Importance to Business/Financial
Performance and Likelihood of a Process/Control Weakness.
No. 15 Critical Processes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Prepared By: Title: Date:
Likelihood of Process/Control Weakness

HIGH Medium High
M
e
d
i
u
m

H
i
g
h

I
m
p
o
r
t
a
n
c
e

t
o

B
u
s
i
n
e
s
s

/

F
i
n
a
n
c
i
a
l

P
e
r
f
o
r
m
a
n
c
e