Risk Assessment involves a dynamic and iterative process. It considers changes in the external environment/business model that may impede achievement of objectives. Every entity faces a variety of risks from both internal and external sources. Risk assessment forms a basis by which risk will be managed. COSO 2013 maintained the same five components previously identified within the 1992 framework. These include: • Control Environment • Risk Assessment • Control Activities • Information & Communication • Monitoring This session is designed to focus on the Risk Assessment component and the four separate principles that support this component. • The organization must specify objectives with sufficient clarity to enable the identification of risks relating to the objective. • The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. • The organization considers the potential for fraud in assessing risks to the achievement of objectives. • The organization identifies and assesses changes that could significantly impact the system of IC. Management and the external auditors must understand each of these principles and be able to adequately support that they exist, are appropriately designed, and function. In addition, the components must effectively work in combination to provide for a positive attestation to internal controls. The session will dissect the four principles and important concepts that companies need to understand and support in order to provide that the Risk Assessment principles are in place and functioning. We will also discuss concepts related to mapping the principles to controls within the organization. Field of Study: Auditing