About this template
Depending on the size and maturity of your business, well-established risk management processes and controls may already be in place. Group Risk Registers, compliance regimes, annual control attestations, or the work of the SOX team will help give you insight into what the risks and controls are within this area.
Whilst these risks and controls are often high level, they provide a great starting point for understanding known risk areas within a business area.
Where your business is not mature and does not have documented risk and control maps, this template can help the audit function to build out these key documents.
Why use this template
This template will help the auditor to have informed and meaningful planning discussions with the business area. Furthermore, it will help to identify key risk areas and understand the effectiveness of controls currently in effect.
When to use this template
This template should be used in the planning phase and should be one of the first activities completed by the auditor. The template should be used before there are any planning discussions.
Things to be careful about
This template is only a guide. You may have other, more suitable registers and compliance regimes to consider. Additionally, be careful not to fall into the trap of considering only the risks and controls mentioned in these documents and overlooking other risks which may not have already been considered.