CORPORATE DIRECTORS PROGRAMME
SESSION 4 – Internal Control, Risk Management and Compliance
By Shirani Jayasekara
17th July 2014
SESSION 4 – Internal Control & Risk Management
Internal Control and Risk Management
Session Objective: To examine the Board's role in developing a culture that is appropriate for the risk appetite of the organization, and to identify the major areas of risk and the strategies to manage risk.
Part 1 – Concepts of Risk Management
Part 2 – Managing Fraud Risk
Part 3 – Panel Discussion followed by Group Discussion
Concepts of Risk Management
What is Risk?
Risk vs. Objectives
Risk Appetite
Risk Awareness Culture
How Organizations can embed Risk Management into strategies, plans and activities, policies and procedures
Guidance on setting up a Risk Management framework
What is Business Risk?
"Risk is any event, situation, or circumstance which, if it occurred, would adversely impact the achievement of objectives… including the failure to capitalise on opportunities."
What is Risk Management?
Objective Setting – Achieving Business Objectives
[Diagram: alignment of Mission and Vision with Corporate Objectives, Sector Objectives, Functional Objectives and Unit Objectives]
Top Team – setting and implementing strategy and objectives, mindful of SH expectations.
At the operational level it is managing a specific deliverable, e.g. waste, zero accidents.
Strategic goals – market share, shareholder value, ROE >25%, RevPar, occupancy.
Key Questions in Stakeholder Management
Stakeholder/Responsibility Matrix
Responsibilities: Economic, Legal, Ethical, Philanthropic
Stakeholders: Owners; Customers/Suppliers; Employees; Community; Public at large; Social Activists; Other
"Stakeholders now demand to know how the business is run. Investors now want to know what the risks are… while staff, customers and suppliers will no longer tolerate being kept in the dark" – Christian Doherty, examining whether the accounting profession is ready for the challenge, Financial Management, March 2012 issue.
COSO ERM Defined: "… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
Source: COSO Enterprise Risk Management – Integrated Framework.
Risk Appetite – Aligning Risk Appetite and Strategy
Risk Appetite is the amount of risk the Board is willing to accept in pursuit of value.
Risk Appetite is considered in strategy setting, where the desired return from a strategy should be aligned with risk appetite.
E.g. a pharmaceutical company has a low risk appetite relative to its brand value. Accordingly, to protect its brand and to ensure product safety, it may allocate resources to R&D in new product development.
Risk Appetite
Risk appetite is a guidepost in strategy setting
It guides resource allocation
It aligns people, processes and infrastructure
Risk Appetite on Risk Grid
[Grid: Impact to business (rows) against Likelihood (columns)]
Impact: A (Major); B (Moderate); C (Minor); D (Very Low)
Likelihood: I (Low); II (Medium); III (High)
Risk Appetite will be different for each Entity / SBU
Risk Appetite will guide resource allocation
Can be quantifiable or qualitative
Risk Management (can be done in 4 ways)
Avoid
Mitigate
Transfer
Accept
Risk Awareness Culture – a culture that is appropriate for the risk appetite of the Entity
"Is a set of shared beliefs and attitudes characterizing how the Entity considers risk in everything it does; from strategy development to its day to day activities. It is captured in policy statements, oral and written communications and decision making" – COSO
Tone from the Top on (Values Statement): Code of Conduct; Goals and Philosophy; Gifts and Gratuities; Transparency; Corporate resources; Social Responsibilities
Code of Conduct – Contents:
1. Integrity in the Company – company assets, use of information, conflicts of interest
2. Integrity in dealing with others – dealing with Government, dealing with customers, suppliers, consumers
A way of life: what is accepted behaviour and what is not; what is right and what is wrong. It is like the values you would inculcate in your children.
The COSO ERM Framework (Values as part of the Internal Environment)
Entity objectives can be viewed in the context of four categories: Strategic; Operations; Reporting; Compliance
Internal Control Activities
Standard Policies and Procedures (SOP), e.g. Code of Conduct – SOBC
Control activities must occur throughout the Organization, at all levels and in all functions (KCC)
Self Assurance, Independent Assurance
Internal Control Activities
Top level reviews – actual vs. budgets, competitor analysis, NPIs, marketing thrusts, improved production processes, PIRs, cost reduction etc.
Direct functional reviews – performance reviews, KCC compliance reviews, daily cash flows, reconciliations, overnight transfers
Information processing – checks of accuracy, on-line edit checks and approval limits, credit limit checks etc.
Physical controls – equipment, inventories, physical verification and security of assets (incl. protection from fire and flood)
Performance indicators – actual vs. KPIs
Structure for Effective Risk & Control Systems: Organizational Structure (roles of Board and Management defining responsibilities for monitoring)
Structure & Responsibilities for RM: Organizations can embed RM into all areas of the business through their people
CEO: Determine the strategic approach to risk, propose risk appetite and approve RM policies
Heads of Business Unit: Build a risk awareness culture within the Unit; Ensure implementation of RM action plans; Identify and report changed circumstances / risks
Individual employees: Understand, accept and implement the RM process; Report inefficient, unnecessary or unworkable controls; Report loss / near miss events; Co-operate with management on incident investigations
Risk Manager: Develop RM policy and keep it up to date; Document the risk policies and RM structures; Co-ordinate RM and internal control activities; Compile risk information and prepare reports to the Board
Chief Legal Officer: Monitor controls on all new corporate contracts signed by the CEO
Head of Internal Audit (impartial review): Develop a risk based internal audit programme and implement it; Report on the efficiency and effectiveness of RM and internal controls
Monitoring (COSO 8th Component)
Effectiveness of the ERM components is monitored through:
Ongoing monitoring activities (self review)
Separate evaluations (peer, supervisory, independent reviews)
A combination of the two
Monitoring can be done through ongoing activities or review of embedded internal controls. Enterprise risk management mechanisms usually are structured to monitor themselves. Ongoing monitoring is built into the normal, recurring operating activities of an entity. Ongoing monitoring is performed on a real-time basis, reacts dynamically to changing conditions and is ingrained in the entity. As a result, it is more effective than separate evaluations. The greater the degree and effectiveness of ongoing monitoring, the less the need for separate evaluations.
The frequency of separate evaluations is a matter of management's judgment. In making that determination, consideration is given to the nature and degree of changes occurring, from both internal and external events, and their associated risks; the competence and experience of the personnel implementing risk responses and related controls; and the results of the ongoing monitoring. Usually, some combination of ongoing monitoring and separate evaluations will ensure that enterprise risk management maintains its effectiveness over time.
Deficiencies in an entity's enterprise risk management may surface from many sources, including the entity's ongoing monitoring procedures, separate evaluations and external parties. All enterprise risk management deficiencies that affect the entity's ability to develop and implement its strategy and to achieve its established objectives should be reported to those who can take the necessary action.
Board's Role in developing the right culture for risk management
Personal experiences shared by a panelist
ISO 31000:2009 Figure 1 – Relationship between the Principles, Framework and Process
Principles: Creates value; Integral part of organizational processes; Part of decision making; Explicitly addresses uncertainty; Systematic, structured and timely; Based on the best available information; Tailored; Takes human and cultural factors into account; Transparent and inclusive; Dynamic, iterative and responsive to change; Facilitates continual improvement of the organization
Framework: Mandate and commitment; Design of framework; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework
Process: Establishing the context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; with Communication & consultation (5.2) and Monitoring & review (5.6) running alongside every step
ISO 31000:2009 – Some Principles Stressed
Creates value
Integral part of organizational processes
Part of decision making
Dynamic and responsive to change
Transparent
Facilitates continual improvement of the organization
SOURCES
COSO Enterprise Risk Management – Integrated Framework, September 2004
COSO Guidance on Monitoring Internal Control Systems, June 2008
ISO 31000:2009, Relationship between principles, framework and process
Thank you for your attention
Final Message: Poor internal controls give opportunities to fraudsters.
THANK YOU
Shirani Jayasekara
SESSION 4 – Internal Control, Risk Management and Compliance
QUESTIONS
What is Business Risk?
What is meant by Risk Appetite?
Suggest a practical means of safeguarding internal controls in your Department.
Is the culture right in your Organization to be able to expose working difficulties encountered?
Is there any area you feel you can contribute to improving the controls or risk management process back in your Entity?