Back to Insights
Recent2 min readBy Gaurav Pahwa

AT EY Office with Risk Team

Had a wonderful and enriching workshop today at EY office! Grateful to everyone who took out time to attend and actively participate in the session. It was great exchanging thoughts on finance operations, process improvements, compliance, and practical industry challenges.

AT EY Office with Risk Team

Had a wonderful and enriching Risk workshop today!

Grateful to everyone who took out time to attend and actively participate in the session. It was great exchanging thoughts on finance operations, process improvements, compliance, and practical industry challenges.
Risk- A potential event or condition that may prevent the organization from achieving its objectives.

Examples:

Unauthorized vendor payments
Incorrect revenue recognition
Financial statement misstatements
Cybersecurity breaches

Example Risk Statement: There is a risk that unauthorized payments may be processed due to inadequate approval controls.

ELC (Entity Level Controls)- These are high-level controls that operate across the entire organization and set the overall control environment.

Examples:

Code of Conduct
Whistleblower Program
Risk Assessment Process
Audit Committee Oversight
Segregation of Duties Policy
Management Review Meetings

Why Important? ELCs establish the "Tone at the Top" and influence the effectiveness of all other controls.

PLC (Process Level Controls)- Controls embedded within specific business processes. Examples:

Procure-to-Pay (P2P)
PO Approval
Invoice Approval
3-Way Match
Order-to-Cash (O2C)
Credit Approval
Revenue Review
Customer Master Controls
Record-to-Report (R2R)
Journal Entry Approval
Account Reconciliations
Financial Statement Reviews

Purpose: Prevent or detect errors within a specific process.

ITGC (Information Technology General Controls)- Controls over the IT environment supporting financial reporting.

Key Categories:

Access Management
User provisioning
User deprovisioning
Privileged access review
Change Management
System changes approved
UAT performed
Migration controls
Computer Operations
Backup procedures
Incident management
Job monitoring
Logical Security
Password controls
MFA implementation
Periodic access reviews

Example Risk: Unauthorized system access could result in modification of financial data.

Related Control: Quarterly user access review performed and approved by system owners.


Looking forward to more such insightful knowledge-sharing sessions in the future!

#Workshop #KnowledgeSharing #Finance #AccountsPayable #ProcessImprovement #Leadership #ContinuousLearning #FinanceProfessionals

Related Insights