
Internal Audit Risk Assessment

Sample Company

[Column headings: rotated in the original and not recoverable from the extraction; the final column is "Audit Comments"]
Weighting Factor 30% 20% 35% 15% N/A 20% 25% 20% 25% 10% N/A N/A N/A N/A N/A N/A
DEVELOP/ACQUIRE PRODUCT (DA)
DESIGN (DA1)
Color, Trend & Concept
Design
Accessories Design
Project Management/Calendar
PRODUCTION MANUFACTURING (DA2)
Raw Materials Supply Chain
Product Development (Fabric & Color)
Technical (Woven & Knit)
Factory Compliance
- Vendor Code of Conduct
- Vendor Audits
- Overruns and selloffs
MERCHANDISING (DA3)
Line Plans
Buying
Accessories Buy
PRODUCE & DELIVER PRODUCT (PD)
SOURCING (PD1)
Design Development
Manufacturing Capacity & Triggers
Title Transfer
US Customs
- Compliance
IMU/MMU Tracking
Monitor WIP
DISTRIBUTION NETWORK (PD2)
Quality Control
Receiving
- Receipt matched against PO
Inventory Management
- Inventory Pick System
Distribution
Pullback/Selloff
eCommerce
- Items sold to customer are shipped
Subsidiary
PLANNING & ALLOCATION (PD3)
Merchandise Planning
- JDA/Arthur
Store Planning & Allocation
Testing
MARKET & SELL PRODUCT (M)
ESTABLISH & DELIVER MARKETING STRATEGY (M1) 1.0 1.0
Marketing Plan 1 1
Customer Relationship Marketing 1 1
- Privacy
- Assessing effectiveness of promotions
- Capitalization of direct costs
- ADS Customer Data Warehouse
Proprietary Credit Card 1 1
Website 1 1
- Capacity, changes, etc
Brand Development 1 1
VISUAL COMMUNICATION (M2) 1.3 1.0
Visual Merch Windows 1 1
Store Layouts 1 1
Floorsets 3 1
PR/Editorial 1 1
Print Production 1 1
Design & Copy 1 1
STORES & CUSTOMER SERVICE (S)
REAL ESTATE & CONSTRUCTION (S1) 1.3 1.5 1.3 1.0 1.3
Site Selection 1 2 1 1 1.2
Negotiate Leases 2 1 1 1 1.3
- Projections and approvals
Bids & Project Management 1 2 1 1 1.2
- Contracts and Change Orders
- Pre Opening and Closing Costs
- Collection of Construction Allowance
Lease Administration 1 1 2 1 1.4
MANAGE RETAIL FIELD OPERATIONS (S2) 1.8 1.0 1.0 4.5 1.8
New Store Openings 1 1 1 22 4.2
Store Communications 1 1 1 1 1.0
Policies and Procedures 4 1 1 1 1.9
Store Operations 1 1 1 1 1.0
Manage Sales Force & Payroll Alloc 3 1 1 1 1.6
- Cybershift
Customer Service 1 1 1 1 1.0
- Appeasements
ECOMMERCE (S3) 1.0 1.0 1.0 1.0 1.0
Operations 1 1 1 1 1.0
- Vendor management and oversight
- Promotions and markdowns
MANAGE & LEVERAGE RESOURCES
MANAGE INFORMATION AND TECH (IT)
RECORDS & DOCS (IT1) 1.0 1.0 4.3 1.0 2.2
Document Retention 1 1 1 1 1.0
- Back ups and Recovery
IT Generated Reports 1 1 11 1 4.5
Systems Integration 1 1 1 1 1.0
IT STRATEGY & DEVELOPMENT (IT2) 1.0 1.0 1.0 1.0 1.0
Corporate Systems 1 1 1 1 1.0
Finance Systems 1 1 1 1 1.0
Store Systems 1 1 1 1 1.0
Project Management and Admin (SDLC) 1 1 1 1 1.0
- New systems
USER SUPPORT (IT3) 1.0 1.0 1.0 1.0 1.0
Issue Tracking 1 1 1 1 1.0
- Documentation of Approvals
Technical Assistance 1 1 1 1 1.0
MANAGE TECHNICAL ENVIRONMENT (IT4) 1.0 1.0 1.0 1.0 1.0
Network Servers 1 1 1 1 1.0
Major Systems Support - Hardware 1 1 1 1 1.0
Major Systems Support - Software 1 1 1 1 1.0
Telecom 1 1 1 1 1.0
- Ownership and usage
MANAGE SECURITY (IT5) 1.0 1.0 1.0 1.5 1.1
Physical Security 1 1 1 2 1.2
- Physical security
Logical Security 1 1 1 1 1.0
- Logical access
MANAGE FINANCIAL & PHYSICAL RESOURCES (F) Sox
BUDGETS & FORECASTING (F1) 1.0 3.0 1.0 1.0 1.4
Financial Planning & Analysis 1 1 1 1 1.0
- Budget process
- Forecasts and Budget to Actual
Store Finance 1 5 1 1 1.8
- Asset impairment
- Wage rate controls
- Bonus process
- Comp sales reporting
- Supplies management
CASH MANAGEMENT/CREDIT & COLLECT (F2) 1.0 2.5 1.0 1.0 1.3
Cash Management & Treasury 1 4 1 1 1.6
- Forecasts
- Investment decisions
- Movements and reconciliations
Sales Audit 1 1 1 1 1.0
- Reconciliation and discrepancies
- Chargebacks
CAPITAL PLANNING (F3) 1.0 1.0 1.0 1.0 1.0
New Store Approval 1 1 1 1 1.0
- Evidence of approval
Real Estate Finance 1 1 1 1 1.0
Other Capital Expenditures 1 1 1 1 1.0
- Requests and Approvals
PROCUREMENT & AP (F4) 1.0 1.3 1.5 1.1 1.2
Merchandise 1 1 1 1 1.0
- Vendor Selection
- PO's
- IP
Real Estate 1 3 1 1 1.4
- Payment as per contract
- CAM charges
- RetaiLease
- Sales reporting
IT 1 1 1 1 1.0
- Goods received
- Valid, justified, authorized, budgeted
Construction and Store Maintenance 1 1 1 1 1.0
- Valid, justified, authorized, budgeted
- Per contract, change orders
- Competitive bid
Marketing 1 1 4 1 2.1
- Valid, justified, authorized, budgeted
- Accruals as no proper PO system
T&E 1 1 1 2 1.2
- According to policy
Other Procurement 1 1 1 1 1.0
- Valid, justified, authorized, budgeted
- Competitive bid
- Inventory Management
Disbursements 1 1 2 1 1.4
- Vendor file maintenance
- Payments valid and approved
- Freight and customs
INVENTORY CONTROL (F5) 1.0 1.0 1.0 1.0 1.0
Maintain Inventory Records 1 1 1 1 1.0
- Debits
- Stock ledger to sales journal
- Vendor allowances
- Valuation (retail method)
Shrink 1 1 1 1 1.0
- BOL's and transfers
- physical count
PAYROLL (F6) 1.0 1.0 1.0 1.0 1.0
Payroll 1 1 1 1 1.0
- Adds, Deletes and Changes
- Time reporting and adjustments
- Payroll systems
- Withholdings
- Bank recs
HUMAN RESOURCES (F7) 1.0 1.0 1.0 1.0 1.0
Compensation and Benefits 1 1 1 1 1.0
- Commissions
- Bonus process
- Stock compensation
- HR System
- Executive perquisites
- Withholdings and remittances
Union Relationships 1 1 1 1 1.0
Reviews and Evaluations 1 1 1 1 1.0
Recruiting 1 1 1 1 1.0
- Issuing offers
- Maintaining files - I-9, CoC, etc
- Additions to payroll system
- Filling of positions (effectiveness)
Training and Development 1 1 1 1 1.0
FINANCIAL CLOSE & REPORTING (F8) 1.0 1.0 1.0 1.0 1.0
Financial Reporting 1 1 1 1 1.0
- Account Reconciliations
- Journal entries
- Fixed Assets
- Financial System
- Insurance
- AR
Management Reporting 1 1 1 1 1.0
- Reporting system
External Reporting 1 1 1 1 1.0
- Debt Compliance Reporting
- SEC Filings
- Intangibles
- MD&A Support
- CD&A Support
TAX (F9) 1.0 1.0 1.0 1.0 1.0
Compliance 1 1 1 1 1.0
- FIN 48 Support/Reserves
Returns 1 1 1 1 1.0
- Filings
Audits 1 1 1 1 1.0
- Responses and settlements
eCommerce 1 1 1 1 1.0
- Sales tax in multiple jurisdictions
PHYSICAL ASSET & FACILITIES MGMT (F10) 1.0 1.0 1.0 1.0 1.0
Mailroom/Copy Center 1 1 1 1 1.0
Maintenance 1 1 1 1 1.0
LOSS PREVENTION (F11) 1.0 1.0 1.0 1.0 1.0
Security 1 1 1 1 1.0
Incident Investigation 1 1 1 1 1.0
Store Compliance 1 1 1 1 1.0
- Monitoring Tool
Background Checks 1 1 1 1 1.0
INTERNAL AUDIT (F12) 1.0 1.0 1.0 1.0 1.0
Audits and Reviews 1 1 1 1 1.0
- Quality Assessment
CORPORATE MANAGEMENT (C)
CORPORATE GOVERNANCE (C1) 1.0 1.5 1.2 1.0 1.2
SOX/PCI Compliance 1 2 1 1 1.2
Strategy/Long Range Plan 1 1 1 1 1.0
Tone at the Top 1 1 1 1 1.0
- Executive T&E review
- Code of Conduct
Monitoring of Corporate Legal Issues 1 3 1 1 1.4
Communication to Market 1 1 1 1 1.0
Debt 1 1 2 1 1.4
HOT TOPICS 1.0 1.0 1.0 1.0 1.0
ERM (C2) 1 1 1 1 1.0
New Concept (C3) 1 1 1 1 1.0
Document Retention (C4) 1 1 1 1 1.0
- Adherence to policy
FS/Materiality - Dollars flowing through a particular area
Legal/Compliance - Existence of either legal or compliance issues
Operational - Impact on day-to-day selling of merchandise
IT - Reliance on IT systems
Complexity of process - Third party or cross functional dependency
Volume - The number of transactions or data processed
Known Issues - Issues of nonimmediate nature identified
Changes in Personnel or Processes - New or significantly different processes/personnel
Monitoring - Formality and frequency of monitoring procedures

For I&P: <2 L; 2-2.5 M; >2.5 H
For F&A: <1.5 L; 1.5-2 M; >2 H
For Total: <6 L; 6-9.5 M; >9.5 H
