
Internal Control Components: Risk Assessment

Institutions use the resources allocated to them to achieve their goals and objectives. The decisions taken on how to use these resources, and the activities, processes, and projects carried out, bring risks.

  • Events or situations considered to harm the achievement of goals and objectives are defined as risks, and events or situations evaluated to impact the goals and objectives positively are defined as opportunities.
  • Risk Management covers identifying and evaluating events or situations that are likely to occur and that are considered to affect the institution’s achievement of its goals and objectives when they occur, providing appropriate responses to them, and all activities carried out on this basis.

Risk Assessment Principles

When implementing risk management, institutions consider the following principles and the focal points related to these principles. These principles are briefly mentioned below.

Principle 6: Establishing Appropriate Objectives: The organization* establishes objectives in sufficient detail to identify and assess risks associated with the objectives.

Principle 7: Identifying and Analyzing Risks: The organization* identifies risks to achieving organization-wide objectives and analyzes them to determine how they should be managed.

Principle 8: Assessing the Risk of Fraud: The organization* considers the potential for fraud when assessing risks to achieving objectives.

Principle 9: Identifying and Analyzing Significant Changes: The organization* identifies and evaluates changes that may significantly affect its internal control system.


*Organization: In the context of the Framework, when defining the principles, the word “organization” includes the board of directors, management, and other personnel. Generally, the board of directors functions as the oversight body under this term.
