Process Review, Risk Assessment and Internal Controls Development

Risks are posed in all operations areas (processes) of your Company from the reception area to top management, and each area is exposed to external financial, political and market risks.

We have developed and used in our work a methodology for internal controls and risk management that is able to meet those internationally respected and adopted such as COSO, which is basically composed of the following:

Business Environment – We study the market in which your Company operates considering the following aspects: competition, economic and political outlook, general and specific legislation, among other, as well as the tools used by Management to make decisions when these aspects negatively or positively influence your market positioning.

Process Framework - We survey the business, operational and managerial processes of your Company using flowcharts and descriptions, as well as make tests of adherence regarding the listed procedures.

Identification of Process Risks - We analyze the scenarios found and unfolded through flowcharts and descriptions, considered for each one of the processes, and identify the potential risks.

Assessment of Business and Process Risks - We assess the effects of previously identified risks on the operation of your Company, distributing them in quarters according to their relevance and probability of occurrence. Identification of Existing Controls - We survey, assess and test the efficiency and effectiveness of the existing controls to eliminate or reduce the identified risks.

Report - We issue report by clearly and objectively presenting the procedures followed, the satisfactory controls and the faults found, to which we describe in details the points made, their implication and our recommendation for improvement of processes and controls that minimize risks of new faults. We also present an executive summary of the main points listed to the top management. All parts of the report are previously discussed with the managers of the involved areas.

Implementation of Recommendations - We implement or assist managers in the implementation of action plans suggested in our report with the purpose of eliminating or reducing all significant risks to which the Company is posed.
Every company seeking opportunities faces uncertainties and is subject to risks that may hinder its operations, return and even its continuity. Risks cannot be eliminated, but can be managed to make the minimum possible impact in case they posed, and to be according to the appetite of investors and administrators.


There are countless of risks, which can be classified into three big groups:environment risks (competition, politics, economy, catastrophes, etc.), process risks (operational, authorization, of technology, etc.),and decision-making risks (strategic,financial, etc.).


Over the years, in response to these risks, several internal controls tools were created, among which we highlight the COSO Framework, an integrated framework aimed at managing corporate risks, developed in the US by the Committee of Sponsoring Organizations of the Treadway Commission, composed of private and regulation entities related to the capital markets.

One of the risk management stages is the mapping of operational processes, that is, of the activities that are carried out in each area, necessary for the company to operate and meet its objectives.


As example of processes, we can mention the purchase of materials, either for manufacturing or resale, or even to a service company, which may be subject to financial risks, legal and regulatory risks, exclusivity risks, fraud risk, among others. These processes should be mapped, and the risks for which internal controls should be developed should be listed, according to their materiality and likelihood of occurring.

COSOhas also published Internal Control – Integrated Framework, which establishes a framework of internal controls and provides assessment tools for the use of companies and other entities to assess their internal control systems.

Internal Control – Integrated Framework defines internal control as a process conducted by the board of directors, management and personnel of an organization, aimed at providing reasonable assurance as to the achievement of the objectives of the following categories:

• Effectiveness and efficiency of operations;

• Reliability of financial reporting;

• Compliance with applicable laws and regulations.

Finally, for COSO control activities are the policies and procedures that contribute to ensure that responses to risks are given. These activities take place throughout the organization, in all levels and duties, because they comprise a series of activities as varied as approval, authorization, verification, reconciliation and review of the operational performance, asset security and segregation of duties.

Additionally, the review of processes, the risk assessment and the internal controls development shall be carried out together with the accounting department, because the later is responsible for the recording of all transactions, as well as the financial evaluation of assets, liabilities, revenues and expenditures, based on the managerial decisions of other areas and strategic decisions of the top management, and on the environment in which the company operates.

The company is not static nor the environment that it operates, therefore, the mapping of processessuch as internal controls shall be reviewed and redone if necessary, as well as new activities may be created that did not previously exist.

We have extensive experience in mapping of processes and internal controls, and UniQue can guide and assist you in managing the risks necessary for creating value to your company.

back