Now that you have got an idea of how to categorize your risk groups, let us see if ‘sub categorization’ makes for any benefits.
Major categories such as General Accounting or Procurement or Information Systems is too generic, but good for top level grouping and reporting.
However, many organizations operate differently and we need to keep this in mind while defining sub categories.
For example a mid sized organization may not have an exclusive department or outsourced unit for, say accounts payable or receivable, and it may not warrant to have more than one risk category for General Accounting.
But a large organization spread geographically with huge revenue coming in from sales spread across many want to have an eye on risks trending in the accounts receivable – collections, credit notes / Days sales outstanding issues, etc.
Find below examples of some generic sub categories within Risk categories that could be helpful for focussed reporting and grouping.
Cash accounting and payment process
Journal entries and book closure
Direct materials purchase
Indirect materials purchase
Goods receipt and returns
Vendor business volumes
3. Information Systems
3rd party software implementation
Hardware / servers
Back ups and disaster recovery