Abstract
This case describes the development, implementation, and results of a Fortune 500 company's risk assessment process. Some information about the company has been altered due to the company's request for anonymity. However, the detailed descriptions of the risk assessment process and the risks identified by management are factual. The newly hired Director of Internal Audit Services in this case already had seven years of experience managing external audits for a major international public accounting firm. The company had been one of his audit clients, so he was very familiar with their internal controls and financial reporting procedures. He was hired to develop a comprehensive internal control program to comply with the COSO Report (1992). His first step was to develop a process of risk assessment. This case describes the design and implementation ofthat risk assessment process. [PUBLICATION ABSTRACT]