Now that you have got an idea of how to categorize your risk groups, let us see if ‘sub categorization’ makes for any benefits.
Major categories such as General Accounting or Procurement or Information Systems is too generic, but good for top level grouping and reporting.
However, many organizations operate differently and we need to keep this in mind while defining sub categories.
For example a mid sized organization may not have an exclusive department or outsourced unit for, say accounts payable or receivable, and it may not warrant to have more than one risk category for General Accounting.
But a large organization spread geographically with huge revenue coming in from sales spread across many want to have an eye on risks trending in the accounts receivable – collections, credit notes / Days sales outstanding issues, etc.
Find below examples of some generic sub categories within Risk categories that could be helpful for focussed reporting and grouping.
-
General Accounting
-
Accounts payable
-
Accounts receivable
-
Cash accounting and payment process
-
Journal entries and book closure
-
Consolidation
-
……………………
-
Procurement
-
Direct materials purchase
-
Indirect materials purchase
-
Goods receipt and returns
-
Credit notes
-
Vendor business volumes
-
……………..
3. Information Systems
-
3rd party software implementation
-
In-house projects
-
Hardware / servers
-
Network infrastructure
-
Back ups and disaster recovery
-
Cyber Security
-
…………………