Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Conducting Cost Benefit Analysis Before Implementing Controls - Sarbanes Oxley Control Deficiency
02/17/06
Conducting Cost Benefit Analysis Before Implementing Controls - Sarbanes Oxley Control Deficiency
Once internal controls have been evaluated, management may find certain material weaknesses which make the controls ineffective. Remediating material weakness found is a major task. The first question which most management's ask is -
"How much is it going to cost us in remediating these material weaknesses / control deficiencies?"
Management need to make a decision on the costs to be incurred in reducing risk to an acceptable level. The best way of doing this is a cost benefit analysis. Eliminating risks involves a cost element, doing a cost benefit analysis helps in knowing whether the costs to eliminate risks are justifiable. Some factors to be considered while making a formal risk assessment are given below:
1. Make a list of possible alternatives (including controls) which can help in eliminating risks.
2. Identify cost behind each alternative identified above.
3. Quantify the costs and associated risks if possible.
4. Assign probabilities to alternatives identified, taking estimated loss and frequency of occurence into account.
5. Based on above calculate the benefits of reducing risks by installing controls. This can be achieved by multiplying estimated loss with probability.
6. Now, estimate the total savings in cost due to control installed / reduced risk. This estimate should be made keeping a reasonably long time frame in mind.
7. Finally, compare the benefits vs costs. If benefits are more, it is a clear cut case for installing more controls.
Related Posts..............
> SOX Nature of Tests of Controls
> Record Retention under SOX
> Direct Evidence for Evaluating Internal Controls
> Antifraud Action Plan for SOX Compliance
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
