Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Agenda
Controls 101
Control Types
Control Execution
Control Categories
Process
Risk Map
Control Summary
Wrap-up
What is Risk?
Example:
The Airline Industry
Risks: Terrorism,
Bankruptcy
3
What is a control?
Example:
The Airline Industry
Controls: Security
measures
4
Description
Preventive Controls
Prevent undesirable
events from occurring
Facilitate desirable
events
Examples
Detective Controls
Identify/Detect
undesirable events
System controls
preventing
unauthorized access
Restrictions of user
overrides
Segregation of duties
Dual entry of sensitive
managerial
transactions
Exception reports,
management review
and action taken on the
exceptions
Example:
The Airline Industry
Preventive?
Detective?
5
Manual (performed by
people)
Examples:
Authorizations,
Management reviews
Automatic (embedded in
application code)
Examples: Exception
reports, Interface
controls, System access
Example:
The Airline Industry
Manual controls? Automatic controls?
Control Categories
Control Category
Legend
Description
Example
Authorization
Authorization limits.
Management Review
Reconciliation
Segregation of Duties
System Access
LBNL Process
Risk
Assessment
Document
Controls
Test
Controls
Remediate
Report to
DOE
Risk Ranking
General Ledger Management
Funds Management
Cost Management
Property Management
Environmental Liabilities
Payroll
Acquisition Management
Payables Management
Project Cost Management
Receivables Management
Benefits Administration
Revenue Recognition
Travel
1
2
3
4
3
Impact
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
1 3
1 2
1 1 1 0 9
Likelihood
Inherent
Risk Key:
High
Medium
Low
Manual
Automated
Total
Funds
Cost
GL
Property
AP/Improper
Payments
11
Project Cost
Management
20
25
Acquisitions
19
25
Payroll
10
19
Environmental
Liabilities
16
19
12
91
32
123
IT*
Totals
10
Wrap-Up
Questions?
Contact jwick@lbl.gov
11