Risk Assessment and Scoping

The effectiveness of this phase will have a significant impact on the success of the entire project.  The key to success here, which is consistent with current guidance from the SEC and PCAOB, is two-fold:  first, take a “top-down” approach to identifying significant accounts and classes of transactions; second, take a “risk-based” approach to determining the appropriate level of internal control assessment required for the various processes and locations within the organization.  Essentially, this all means that efforts should be focused on the activities that present the greatest exposure to material misstatement of financial records.  While controls over the entire organization are ultimately being assessed, different methods and degrees of effort can be applied to different functions to obtain reasonable assurance regarding the effectiveness of internal controls as a whole.  With this approach, resources can be deployed efficiently to the highest-risk functions, accounts and locations, while minimal costs are incurred in areas of less risk.  Our experience will help you evaluate risk at the entity level and the transaction level, and direct appropriate resources to the respective processes and locations.   The final product from this phase is a list of the processes that impact financial reporting, and the degree of risk to be addressed at each one.  The degree of risk determines the level of Sox effort required for each process.  The Precipio Group has the experience to help you make appropriate scoping decisions, thereby minimizing your Sox related costs.