protiviti Risk Ranking Assessment tool

This risk assessment tool is designed to help identify and document critical business processes and the internal controls within each process. In an effort to comply with Section 404 of the Sarbanes-Oxley Act of 2002, this risk assessment will help to rank and prioritize processes. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analysis.

This assessment tool includes:

Instructions
A sample risk universe from which management selects the 15 most critical business processes (this should be customized for your own business processes and industry)
A sample risk map explaining the concept of plotting risks according to 1) Importance to Business/Financial Performance and 2) Likelihood of Process/Control Weakness
A blank risk map for managers to use for ranking
After results are gathered from the participants, you should facilitate a group meeting to review and discuss the results and gain consensus on a final process list and ranking.

See checklist in pdf format.