Risk Management, Control Frameworks and Governance (8 - 11%)


1 Risk Management, Control Frameworks and Governance (8 - 11%)
MODULE 3
Lecturer: Dale Neuls, BA, CGA
DN 14/15

2 RISK MANAGEMENT
- enterprise risk: the possibility of events occurring that will impact achievement of objectives; measured in terms of impact and likelihood
- techniques to mitigate risks:
  - avoid (redesign processes)
  - diversify (several suppliers)
  - control (dampbqs)
  - share/transfer (insurance, warranties)
  - accept

3 ERM
- ERM is a process put in place by the board and management, applied in strategy setting across the enterprise
1. Assess risks (risk frameworks), e.g. Royal Bank:
   - little control - political, economic, social, financial
   - influence / not control - competition, regulatory environment, reputation
   - control (IA focus) - credit, market share, liquidity, technology, people, operations
2. Determine risk limits - establish acceptable tolerance limits for risks, e.g. warranty claims
3. Design/evaluate controls - put controls in place to ensure risks remain within established tolerances
4. Measure performance - change techniques to mitigate risks

4 WESTJET ANNUAL REPORT Risk management (Note 13)
"The Corporation is exposed to market, credit and liquidity risks associated with its financial assets and liabilities. From time to time, the Corporation will use various financial derivatives to reduce market risk exposures from changes in foreign exchange rates, interest rates and jet fuel prices. The Corporation does not hold or use any derivative instruments for trading or speculative purposes. Overall, the Corporation's Board of Directors has responsibility for the establishment and approval of the Corporation's risk management policies. Management continually performs risk assessments to ensure that all significant risks related to the Corporation and its operations have been reviewed and assessed to reflect changes in market conditions and the Corporation's operating activities."
Risks - fuel, foreign exchange, interest rate, credit, liquidity

5 TYPES OF RISKS
Business/inherent risk
- common to all company functions (internal/external):
  - organizational complexity
  - management practices and culture (boss vs leader)
  - competitive pressures
  - economic and financial situation

6 Specific risk
- varies from operation to operation, e.g. finance, production:
  - competence and training of staff
  - complexity - nature of processes / significant locations
  - extent of management information systems
Control risk
- I/C systems may not prevent/detect a problem because controls deteriorate over time (dampbqs):
  - complacency
  - short cuts
  - knowledge
  - technology changes

7 Audit procedures risk
- chance that the audit will fail to detect an error:
  - sampling
  - recognition/evaluation
  - training/competence

8 IA ROLE IN RISK MANAGEMENT
- IIA 2100 Nature of Work: IA must evaluate and contribute to the improvement of governance (2110), risk management (2120) and control (2130) processes using a systematic and disciplined approach
- risk based auditing requires IA:
  - to identify auditable activities (audit planning)
  - to evaluate controls and identify risk factors that impact achievement of objectives
  - to examine techniques in place to mitigate risks

9 CONTROL FRAMEWORKS
- IIA defines control: any action taken by management, the board or other parties to manage risk and increase the likelihood that established objectives/goals will be achieved
- IIA 2130 requires IA to evaluate internal controls in responding to risks regarding:
  - achievement of the organization's strategic objectives
  - integrity and reliability of financial/operating information
  - compliance with laws, policies and contracts
  - safeguarding of assets
  - 3 E's - economy, efficiency, effectiveness of operations and programs

10 control frameworks
- designed to provide insight into the structure, workings and assessment of control
- focus on taking key risks, identifying means of mitigating them and knowing they are under control
- consist of a definition of control and criteria of control grouped in a logical way

11 frameworks
- CoCo: 1995, Canadian - CICA Criteria of Control Board
- COSO: 1992, American - Committee of Sponsoring Organizations of the Treadway Commission, e.g. AICPA, IIA, AAA
- Cadbury Committee: UK - committee study of corporate governance
- King Report on Corporate Governance: South Africa - committee study of corporate governance

12 CoCo CONTROL FRAMEWORK
- defines control as those elements of the organization (resources, systems, processes, culture, structure, tasks) that support achievement of objectives
- control should provide reasonable assurance of:
  - effectiveness and efficiency of operations
  - reliability of internal and external reporting
  - compliance with laws, regulations and internal policies

13 20 control criteria separated into 4 groups of control
- Purpose - "knowing what to do"
  - criteria: vision, planning, objectives, leadership, goal congruence, risk assessment, integration with society
- Commitment - "wanting to do it"
  - criteria: ethics, tone at the top, trust, recognition, communication

14 Capability / Monitoring and Learning
- Capability - "being able to do it"
  - criteria: skilled/sufficient resources, information, funds, control processes, teamwork
- Monitoring/Learning - "how to do it better next time"
  - criteria: performance measurement, continuous improvement, new ideas

15 COSO CONTROL FRAMEWORK
- defines control as a process, effected by the board, management and staff, designed to provide reasonable assurance regarding achievement of objectives
- SEC accepts COSO as a suitable framework, and in practice it is the framework public companies use to document internal controls for SOX
- control should provide reasonable assurance of:
  - effectiveness and efficiency of operations
  - reliability of financial reporting
  - compliance with laws and regulations

16 consists of 5 groups of control
- Control environment - sets the tone for the organization, influences control consciousness
- Risk assessment - assessment of internal/external risks to financial reporting and safeguarding of assets
- Control activities - policies and procedures that help ensure management directives are carried out
- Information and communication - pertinent information identified, captured and communicated
- Monitoring - internal control systems need to be monitored: are they working?

17 auditing using CoCo and COSO frameworks
- both management and IAs must understand the nature and limitations of controls
- identification and evaluation of soft controls - trust, working relationships, empowerment
- control assessment process: CoCo ten stage, COSO six stage

18 CONTROL SELF ASSESSMENT
- internal review process by management/staff to examine and assess internal controls, which recognizes that management is responsible for controls, not IA/EA
- initial development of CSA done in the 1980's by IA at Gulf Canada
- used with large companies, e.g. Bell Canada, Nike, Georgia Pacific, Ontario Hydro, IBM
- use of team workshops and surveys facilitated by IA to assess/evaluate controls
- survey questions developed from CoCo or COSO control criteria

19 seven stage assessment process
1. Identify business objectives and customize the process for the participating workshop team.
2. Conduct one or more workshops with management and staff from the unit being assessed.
3. Prepare a summary report and provide feedback.
4. Analyze and review results, comparing them with those from other workshops.
5. Report results to management.
6. Report summary results to the audit committee.
7. Provide follow-up and assistance in dealing with the issues identified.

20 advantages / disadvantages
advantages
- promotes fresh thinking about controls and encourages constructive criticism (purpose of control, who is responsible)
disadvantages
- lack of commitment by staff
- oversimplification of the investment, learning and planning commitments for workshops
- difficulty in determining the composition of team workshops
- lack of management support
- narrow focus on financial controls rather than areas of operations and compliance

21 CONTINUOUS AUDITING
- technique auditors use to monitor risks and evaluate the effectiveness of internal controls on an on-going basis
- develop technology based screening controls (continually test) built into major business areas to detect and report potential red flags of fraud before they result in losses

22 examples
- Human resources - screen employee names, SINs and address confirmation, and identify exceptions for reporting
- Vendor management - screen vendor names and payment processing to identify anomalies and detect suspicious transactions for reporting before initial payments are made
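The two screening examples above as working detection logic. This is an added example, not part of the course slides or any vendor product: it runs a SIN format and check-digit test and a duplicate-SIN test over employee records, and an employee/vendor address match, an approved-vendor check and a duplicate-invoice check over vendor and payment records, the way a continuous-auditing screen would before payments are released. The Canadian SIN check-digit rule (Luhn) is real; every record, the `approved` flag and all field names are constructed for the example, and the two valid-looking SINs are Luhn-valid test values, not real ones.

```python
"""Continuous-auditing screens over HR and vendor-payment data (constructed sample)."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Employee:
    emp_id: str
    name: str
    sin: str
    address: str


@dataclass(frozen=True)
class Vendor:
    vendor_id: str
    name: str
    address: str
    approved: bool  # assumed flag: vendor is on the approved master list


@dataclass(frozen=True)
class Payment:
    payment_id: str
    vendor_id: str
    invoice_no: str
    amount: float


@dataclass(frozen=True)
class Finding:
    rule: str
    subject: str   # record id(s) the red flag attaches to
    detail: str    # never echoes a full SIN into the report


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; a Canadian SIN is 9 digits that satisfy it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def sin_digits(sin: str) -> str:
    return re.sub(r"[\s-]", "", sin)


def sin_is_valid(sin: str) -> bool:
    digits = sin_digits(sin)
    return len(digits) == 9 and digits.isdigit() and luhn_ok(digits)


def _norm(text: str) -> str:
    """Case- and punctuation-insensitive key so '88 Elm Ave.' and '88 elm ave' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def screen_employees(employees: list[Employee]) -> list[Finding]:
    findings: list[Finding] = []
    by_sin: dict[str, list[str]] = defaultdict(list)
    for e in employees:
        digits = sin_digits(e.sin)
        if not sin_is_valid(e.sin):
            findings.append(Finding("invalid_sin", e.emp_id,
                                    f"SIN ending {digits[-3:]} fails format/check-digit test"))
        by_sin[digits].append(e.emp_id)
    for ids in by_sin.values():             # same SIN on more than one employee record
        if len(ids) > 1:
            findings.append(Finding("duplicate_sin", ",".join(sorted(ids)),
                                    f"same SIN on {len(ids)} employee records"))
    return findings


def screen_vendors(employees: list[Employee], vendors: list[Vendor],
                   payments: list[Payment]) -> list[Finding]:
    findings: list[Finding] = []
    emp_by_addr = {_norm(e.address): e.emp_id for e in employees}
    vendor_by_id = {v.vendor_id: v for v in vendors}
    for v in vendors:                        # vendor sharing an address with an employee
        hit = emp_by_addr.get(_norm(v.address))
        if hit:
            findings.append(Finding("vendor_address_matches_employee", v.vendor_id,
                                    f"address shared with employee {hit}"))
    seen: set[tuple[str, str]] = set()
    for p in payments:                       # assumes payments are in submission order
        v = vendor_by_id.get(p.vendor_id)
        if v is None or not v.approved:
            findings.append(Finding("unapproved_vendor_payment", p.payment_id,
                                    f"vendor {p.vendor_id} not on approved master"))
        key = (p.vendor_id, _norm(p.invoice_no))
        if key in seen:
            findings.append(Finding("duplicate_invoice", p.payment_id,
                                    f"invoice {p.invoice_no!r} already paid to {p.vendor_id}"))
        seen.add(key)
    return findings


# Constructed sample data: fictitious people and vendors; SINs are test values only.
EMPLOYEES = [
    Employee("E100", "Alice Ng", "046 454 286", "12 Main St, Calgary AB"),
    Employee("E101", "Bob Roy", "130-692-544", "88 Elm Ave, Calgary AB"),
    Employee("E102", "Cara Lee", "123 456 789", "5 Pine Rd, Calgary AB"),   # bad check digit
    Employee("E103", "Dan Liu", "130 692 544", "9 Oak Dr, Calgary AB"),     # same SIN as E101
]
VENDORS = [
    Vendor("V1", "Prairie Supplies Ltd", "400 Industrial Way, Calgary AB", True),
    Vendor("V2", "Elm Consulting", "88 Elm Ave., Calgary, AB", True),       # employee's address
    Vendor("V3", "Quick Fix Services", "77 River Rd, Calgary AB", False),   # not approved
]
PAYMENTS = [
    Payment("P1", "V1", "INV-1001", 1250.00),
    Payment("P2", "V1", "inv 1001", 1250.00),   # same invoice, different formatting
    Payment("P3", "V3", "INV-77", 900.00),
    Payment("P4", "V2", "INV-5", 4800.00),
]


def run_screens() -> list[Finding]:
    return screen_employees(EMPLOYEES) + screen_vendors(EMPLOYEES, VENDORS, PAYMENTS)


if __name__ == "__main__":
    for f in run_screens():
        print(f"{f.rule:34} {f.subject:10} {f.detail}")
```

The screens run against the records themselves, so they can be scheduled before a payment run rather than after a loss; the duplicate-invoice key is normalized because re-keying "INV-1001" as "inv 1001" is exactly how a repeated payment slips past an exact-match control, and the report masks SINs so the exception listing does not itself become a data-leak.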

23 COMMITTEES OF THE BOARD OF DIRECTORS
- 3 common standing committees of public company boards:
  - audit
  - compensation
  - nominating/corporate governance - charged with enhancing the quality of nominees to the board and ensuring the integrity of the nominating process; plays a critical role in overseeing matters of corporate governance for the board, including formulating/recommending governance principles and policies

24 ROLE OF AUDIT COMMITTEE
- assist the board in fulfilling its oversight responsibilities
- audit committee charter: purpose, authority, composition, meetings, responsibilities
- responsibilities:
  - oversight of published financial information - annual financial reports, interim reports, public disclosure documents
  - oversight of IA and liaison with EA
  - oversight of internal financial controls
  - oversight of corporate code of conduct
  - oversight of enterprise risk management

25 GOVERNANCE
- IIA defines governance: the combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward achievement of objectives
- IIA standard 2110: IA must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
  - promoting ethics and values in the organization
  - ensuring effective organizational performance management and accountability
  - communicating risk and control information to appropriate areas of the organization
  - coordinating the activities of, and communicating information among, the board, external and internal auditors and management

26 corporate governance - USA
SOX 2002 (sections 302, 404)
- requires boards and three core committees (Audit, Governance, Compensation) to take direct responsibility for critical elements of oversight and control
- annual report must include certification by management (CEO, CFO) (s. 302) and management's assessment of internal control over financial reporting (ICOFR) with EA attestation (s. 404)
- SEC - use of the COSO framework to document controls
NYSE
- requires listed companies to adopt and disclose their corporate governance guidelines (qualification standards, responsibilities, compensation, orientation and continuing education, annual performance evaluation of the board)
- requires listed companies to maintain an IA function to provide management and the audit committee with ongoing assessments of risk management processes and the system of internal control

27 Canada
- Canadian Securities Regulations - annual report must include certification by management, but no EA certification
- Toronto Stock Exchange Committee on Corporate Governance in Canada (Dey Committee) - calls on boards to explicitly assume responsibility for governance, including leadership, stewardship, risk management and information
- IIA Organizational Governance Guidance for Internal Auditors (2006) - effective corporate governance requires every board of directors to have in place appropriate structures, resources and procedures to ensure that the board can function independently of management to carry out its governance responsibilities; this includes the means to conduct independent research where appropriate (IA becomes a board-level resource for information and education)

28 Board Governance Accountability Framework
Assessing Board Effectiveness
- The Board should have a process in place to assess how well it discharges its roles and responsibilities as part of the organization's overall effectiveness.
Approving and Monitoring Mission, Vision and Strategy
- The Board should approve and monitor the mission, vision and strategy of the agency, ensuring a plan of action is set for the future, thereby ensuring its continuing relevance in a changing environment and the organization's chances of viability and success.
Approving and Monitoring the Agency's Ethical Values
- The Board should act as guardian of the agency's values, promoting public confidence in how it is being operated from an ethical perspective.

29 Approving and Monitoring By-laws, Policies and Practices
- The Board should be approving and monitoring both governance and key operational policies.
Monitoring Management Control
- The Board should have an appropriate understanding of the systems and controls that allow agency management to manage its resources efficiently and effectively.
Ensuring Financial Stability
- The Board should be ensuring the agency can meet its current and future financial responsibilities.

30 Evaluating Senior Management
- The Board should be evaluating the chief executive officer on a regular basis.
Overseeing External Communications
- The Board should be overseeing the agency's communication to and from external parties.
Advocacy
- The Board should be communicating the mission and purpose of the agency to the public and its stakeholders, and should be advocating both public involvement and financial support for the program.


