8 The COSO framework: risk assessment
The second internal control component is risk assessment. A general definition of risk is the variation from an expected outcome over time (Kallman, 2005).
A favourable or positive risk could be referred to as an opportunity, while a negative risk could be referred to as a threat, that is, the possibility of harm or loss. Examples of opportunity or positive risk include favourable mergers, acquisitions and new business ventures. Examples of negative risk include risk from fraud, money laundering and poor organisational controls (Hillson, 2002).
OpenLearn - Corporate fraud and criminal behaviour
Except for third party materials and otherwise, this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence, full copyright detail can be found in the acknowledgements section. Please see full copyright statement for details.