Risk Management Dr. Clive Vlieland-Boddy

Managements Responsibilities Strategy – Hopefully sustainable! Control – Hopefully maximising profits! Risk – Hopefully minimising!

Business & Risk There is always risk to all businesses. The key for management is to monitor and control this risk. Investors have an appetite for risk but they need to see what the risks are! NO HIDDEN RISKS… Like FRAUD!

Control of Risk Internal Controls – The systems established to ensure the proper and effective control of the companies assets. These are created by management as a response to control risk. They have to be monitored to ensure that they are still effective.

Internal Control Internal Control is a state that management strives to achieve to provide reasonable assurance that the firm’s objectives will be achieved These controls encompass all the measures and practices that are used to counteract exposures to risks

Objectives of the Internal Control Structure Promoting Effectiveness and Efficiency of Operations Reliability of Financial Reporting Safeguarding assets Checking the accuracy and reliability of accounting data Compliance with applicable laws and regulations Encouraging adherence to prescribed managerial policies

Organization Structure –Is an up-to-date organization chart prepared, showing the names of key personnel? –Is the information systems function separated from incompatible functions? –How is the accounting department organized? –Is the internal audit function separate and distinct from accounting? (Division of Duties)

–Does the company prepare written employee job descriptions defining specific duties and reporting relationships? –Does the company clearly delineate employees and managers the boundaries of authority-responsibility relationships? Assignment of Authority and Responsibility

–Does the company maintain a sound Employee Relations program? –Do employees work in a safe, healthy environment ? –Retaining employees is essential! Human Resource Policies and Practices

Key Functions Performed by Audit Committees Review the Scope and Status of Audits Review Audit Findings with the Board and ensure that Management has taken proper action. Maintain a direct Line of Communication among the Board, Management, External and Internal Auditors, and periodically arrange Meetings among the parties To be the ears for the whistleblowers!

Risk Assessment Top management must be directly involved in Business Risk Assessment. This involves the Identification and Analysis of Relevant Risks.

Control Activities Control Activities as related to Financial Reporting may be classified according to their intended uses in a system: Preventive Controls block adverse events, such as errors or losses, from occurring Detective Controls discover the occurrence of adverse events such as operational inefficiency Corrective controls are designed to remedy problems discovered through detective controls Security Measures are intended to provide adequate safeguards over access to and use of assets and data records

Performance Reviews Comparing Budgets to Actual Values Review Key Performance Indicators (KPI’s) Accountants assist this control process by giving the results.

Types of Risks Unintentional errors Deliberate Errors (Fraud) Thefts of assets Breaches of Security Acts of Violence and Natural Disasters (Insurable)

Computer Crime

Examples of Computer Crime Theft of Computer Hardware & Software Unauthorized Use of Computer Facilities for Personal Use Fraudulent Modification or Use of Data or Programs Hacking and virus are now real risks to all businesses

Feasibility of Controls Audit Considerations Cost-Benefit Considerations –Determine all Potential Threats to the company’s Computer System –Assess the Relevant Risks to which the firm is exposed –Compare the Benefits against the Costs of Each Control

Developing the Building Blocks: Designing corporate governance –What is the role of accounting and auditing? –Ensure good internal controls! Redesigning corporate governance –What is the role of accounting and auditing? –Ensure good internal controls!

Shareholders, Auditors and External Corporate Governance Business Corporation Shareholders Influence the hiring and firing of Board members Board of Directors Provide strategic guidance Hire and evaluate senior management and auditor Board of Directors Audit CommitteeIndependent Auditor Shareholders Independent Auditor Monitor and certify internal control & financial reporting systems of the company

Recent Accounting Scandals Sarbanes-Oxley Act Auditor Independence Corporate Responsibility Enhanced Financial Disclosures Convergence on IFRS UK Corporate Governance Precise Rules Vs Shared Principals

Risk Reporting Financial statements must now include a summary of all the risks that the enterprise may be exposed to. It should also state to what extent management have addressed these concerns.

Risk Factors - Example Factors that May Affect future Results of Operations “If any of the following risks actually occur, our business, financial condition and results of operations could be harmed. In that case, the trading price of our common stock could decline, and you could lose all or part of your investment.” We need Transparency.

Bye for now! I’m ready for some leisure time. Please ensure you Prepare for next session