The Protiviti Risk Model is a comprehensive organizing framework for defining and understanding potential business risks and creating and managing the organization’s dynamic risk universe. Boards of directors and management can use this tool to assess and monitor strategic risks impacting the organization. The model focuses on three different types of risks: environment risk, process risk and information for decision-making risk.
Environment risk arises when there are external forces that can affect a company’s performance or make its choices regarding its strategies, operations, customer and supplier relationships, organizational structure, or financing obsolete or ineffective. These forces are outside management’s ability to control. Process risks include the risk that business processes are not clearly defined, are poorly aligned with business objectives and strategies, do not satisfy customer needs, dilute shareholder wealth, or expose assets to misappropriation or misuse. Information for decision-making risk is the risk that information used to support strategic, operational and financial decisions is not relevant or reliable. This risk relates to the usability and timeliness of information that is either created or summarized by processes and application systems or a failure to understand information needs.