Documents Related to Risk Assessments, Management

To submit a document to Compliance Week's Resource Exchange, simply email the editor and attach your document along with any instructions, comments, or descriptions (i.e., "please post anonymously").

Risk Assessment Process


Very clean and logical look at the risk assessment process in place at a bank holding company. According to the submitter, the document is a guide for risk managers in performing a risk-assessment analysis of a process (or line of business).

Risk Overview: Procurement and Accounts Payable

Novo Nordisk A/S

A nice, simple, one-page example of a risk overview. The document was submitted by a member of the SOX team at Danish healthcare giant Novo Nordisk. It is part of a series that the company created to illustrate financial statement risk (assertions) and the entity-level controls, IT controls, and manual controls covering those risks.

Inventory of Financial Reporting Controls


Excellent, simple spreadsheet that outlines objectives, risks, and related control activities. Covers financial reporting procedures, disclosure data, the general ledger, financial statement consolidation, and more. Submitted by the global financial director at a $3+ billion packaging company.

Compliance Gap Assessment Template for Attorneys


Excellent resource aimed at helping corporate lawyers identify the universe of compliance risk areas and issues impacting the company, and then prioritize those risk areas for company-wide risk assessments. Submitted by the ethics/compliance office at a $50+ global technology solutions company. Simple, clear, and in plain English, weighing in at only four pages.

Cognizant Risk Inventory

Williams Ross

Cognizant Chief Risk and Compliance Officer Ross Williams contributed this very detailed "risk inventory" template, which is used within his company's ERM function to solicit feedback on risks within the organization. Spreadsheet tackles risk areas and sub-risks, with space for addressing likelihood, impact, mitigation plans, and more.

Risk & Threat Questionnaire

D'Gama Jason

Incredibly detailed spreadsheet, submitted by the IT Corporate Compliance Manager at the $13+ billion retailer Sobey's, comes with two sister spreadsheets on both threat recommendations and risk and threat recommendations. All together, a very powerful and useful set of documents.

Project Risk, "Pitfalls" Map

Needham Andrew

Nice one-page map, designed and submitted by the head of Group Internal Audit at East Midlands International Airport, which is part of the Manchester Airports Group. The document provides a visual representation of project failure, including typical "root causes" and logical progressions.

Risk Assessment Matrix

Broda Bob

This risk matrix—submitted by a vendor, not a public company—is somewhat complex and difficult to follow, but very thorough. Includes multiple worksheets on scoring, issues, control analysis, statistics, and "focus events."

SOX Key Controls Matrix

DiPaola, CPA, CISA Linda

Spreadsheet submitted by the Director of Internal Audit at the NASDAQ-listed Empire Resorts, Inc., covering business processes and each of their inherent risks, controls, owners and tasks. Includes two worksheets.

Risk Register Template


This risk "register" template, contributed by an ERM director at a $40+ billion company in the healthcare industry, has fields for entering key risk areas, owners, mitigation & monitoring tasks, and probability & consequence data.

Risk Assessment Criteria


Spreadsheet of risk assessment criteria submitted anonymously by a SOX manager at a global consulting giant. Includes two worksheets.

Sarbanes-Oxley: Implementing A Risk-Based Approach

Zanoni Michael

Presentation delivered at Compliance Week 2007 offers insights on how to implement a risk-based approach to SOX 404, as presented by Boeing Financial Compliance Director Michael Zanoni.

Risk Assessment Process Narrative

Young Ken

Quick three-page overview of a model risk assessment process, as submitted by Circuit City VP Internal Audit Ken Young, at Compliance Week 2007 at The Mayflower Hotel in Washington, D.C.

Sample Risk Acceptance Request

Young Ken

Template, submitted by Circuit City VP Internal Audit Ken Young, offers procedure to define the process Internal Audit will follow in documenting a formal risk acceptance by business owners and management.

Model Risk Assessment and Audit Plan

Young Ken

15-page resource submitted by Circuit City VP Internal Audit Ken Young. Includes details on risk assessment methodology and "output."

Unum SOX 404 Risk Assessment Form

Waxenberg Daniel

Sample form to "provide documentation of the risk assessment which determines whether a given process should or should not be subjected to walkthrough and/or testing." Submitted to Compliance Week by Unum AVP Internal Controls Daniel Waxenberg.

Hypothetical Risk, Compliance Self-Assessments

Golden David

Excel worksheets submitted by Eastman Chemical Global Business Conduct & Corporate Audit Director David Golden that enable users to rank the relevance, probability and impact of numerous risks. Also includes a business conduct self-assessment form.

Risk Definitions from Aquila

Fountain Lynn

A detailed list of potential risks, as submitted by Aquila VP Risk Assessment & Audit Services Lynn Fountain. Addresses risk definitions for numerous topics including liquidity, fraud, fuel supply, billing, records management, reputation, and more.

Aquila's Enterprise Risk Management Process Methodology

Fountain Lynn

Draft document from Aquila offers the company's working ERM process methodology, addressing issues such as scope and responsibilities. Submitted by Aquila Vice President Risk Assessment & Audit Services Lynn Fountain at Compliance Week's 2007 annual conference in Washington, D.C.

Aquila Control & Risk Matrix

Fountain Lynn

Simple one-pager that looks at impact areas, as submitted to Compliance Week by Aquila Vice President Risk Assessment & Audit Services Lynn Fountain.

D&B Corporate Risk Categories

Cohen Jay

Very simple view of D&B's risk categories, as submitted to Compliance Week at our 2007 annual conference by D&B global compliance leader Jay Cohen.

D&B Risk Assessment Template

Clifford Chance

Strategic risk assessment template submitted by D&B global compliance leader Jay Cohen.

Wellpoint ERM Risk Assessment Tools Sample

Aleman Steve

Excel spreadsheet, submitted by Wellpoint SVP Control Compliance and Assurance Steve Aleman, includes tabs on cultural assessment, risk factors, control indicators, and more.

BNSF Risk Heat Map Tracking Probability, Impact

S. Cohen Scott

Though only moderately useful without the core underlying data, this risk "heat map," submitted by Burlington Northern Santa Fe Vice President Corporate Audit Services David Stropes, illustrates how the company maps risk by probability and impact.

Dominion Resources Risk Matrix Spreadsheet and Risk Map

S. Cohen Scott

Dominion VP and Chief Risk Officer Christine Schwab was kind enough to contribute this excellent Microsoft Excel spreadsheet, which includes a Risk Matrix in use at Dominion Resources, the $15.6 billion producer and transporter of energy.

Sample Job Description: Chief Compliance Officer

Public Company Source Document

Sample CCO job description, submitted to Compliance Week by Bryan Cave partner Heather Rheiner Badami. The document was a "sidebar" to a guest column published Nov. 2, 2004.

Ford - Charter of the Finance Committee

Ford's Finance Committee is an advisory group providing assistance to the Board with issues related to managing exposure to financial risk, reviewing the company's financials and capital structure, recommending dividend actions, reviewing pension strategy, and more.

Dow - Finance Committee Charter

Committee responsible for overseeing the financial affairs of the company, from risk management and tax planning to cash flow management and investment policies.