The Research On Risk Assessment Of COSO Framework

In July 2002, the United States Federal Government enacted the Sarbanes-Oxley Act. The section 404 of this Act required publicly registered companies to report on the effectiveness of the company's internal control over financial reporting. SEC recommended using the Committee of Sponsoring Organization's (COSO) Internal Control-Integrated Framework which is the most widely applied model in the United States as the citerion of internal control assessment for the managers and CPA.In this Framework, risk assessment was put into as a basic element, and this Framework also pointed out the conception that control is closely related to risk. For an entity to exercise effective control, it must identify and analyze its risks. Under this background, how to identify and analyze risk has become one of the main content of the internal control, so the research on risk assessment of COSO Framework has important meanings.This paper used the theory of financial management, accounting, and statistics. Based on the theory analysis, guided by the COSO Framework and the Sarbanes-Oxley Act, this paper concentrates on the basic element of the internal control system—risk assessment.Focusing on risk assessment of the activity-level, this paper designs a practical process of risk assessment in order to realize the function of risk assessment as the key and basic element of internal control system, and enhance the consciousness of risk defence.The practical process of risk assessment includes:Firstly,it must establish objectives.Secondly,it should indentify the risk of activity-level,which means indentify significant accounts and disclosures by the consolidated financial statement,identify business processes/cycles and sub-processes/cycles and map to significant accounts and disclosures,identify the relevant financial statement assertions for each significant account and disclosure,in order to perform a risk assessment of the business sub-processes/cycles.Thirdly,in order to confirm the risk's grade,we use the FMEA method to analyze the risk.Finally,it designs a risk database and constitutes scientific system of risk assessment.In addition,this paper designs a practical process of risk assessment of the PetroChina Northwest Marketing Company to explain the process of risk assessment.