Top-Down, Risk-Based Compliance 
The Process Control risk model allows you to identify the subprocesses and account groups or assertions to be audited, based on risks assigned to the account groups or assertions, and to the controls. Relationships can be associated between account groups or assertions, as well as between subprocesses and control objectives.
Compliance efforts are directed to areas that present the highest risk, such as the financial statement close process, and controls that are designed to prevent fraud.
The top-down, risk-based approach of the application comprises materiality analysis, risk assessment, control risk assessment, and level of evidence determination.
The following table summarizes the approach:
Aspect |
Description |
|---|---|
Identify significant accounts and assertions |
Consider materiality, likelihood of errors or fraud, accounting and reporting complexities, and subjectivity. |
Identify risks of financial misstatements |
To determine the sources and likelihood of misstatements, ask: “What could go wrong?” |
Identify significant locations and processes |
Consider significant accounts and assertions plus other risks of financial misstatements |
Assess the financial reporting risks |
Rate the risks, considering the impact and likelihood of material misstatements in financial reports. |
Identify controls to address financial reporting risks |
Consider entity-level, transaction, IT, and monitoring controls. |
Evaluate control operating effectiveness |
Consider control risk factors to determine the nature, extent, and timing of evaluations. |
Process Control uses the following mechanisms to develop a testing strategy and level of evidence:
Materiality analysis: Organizations and subprocesses in scope of assessments
For more information, see:
Control risk assessment and level of evidence
For more information, see:
The Customizing activity Set Level of Evidence Value under
Governance, Risk and Compliance 
Process Control Scoping 