This Risk Analysis System, often referred to as a Self Assessment Tool (SAT), is designed to allow online self-assessment of business risks by corporate personnel. The objective is to produce corresponding pre-designed reports for Internal Control, as per Sarbanes-Oxley, within the Corporation and its different levels and entities, e.g., Group, Corporate, Divisions, Shared-Service Centers (SSC) and Subsidiaries.
This self-assessment is organized through periodic campaigns defined, designed, managed and launched generally by a Corporate Internal Audit Department (IAD). These campaigns cover pre-defined parameters like who is entitled/required to perform the self-assessments and what is the pre-defined scope, e.g., the processes and areas to be assessed. The risk categories are flexible but would normally include issues of disasters (fire, flood, industrial accidents, explosion, etc.), major breakdowns of equipment (mechanical or information technology related), software system failures (system failures, data input/processing errors, pirated software, etc.), payment processing problems, the risk of both internal and external fraud and issues of poor budgeting and control procedures.