Handbook of financial planning and control free download

This book provides golf course superintendents with the necessary tools to manage their daily financial operations by explaining basic accounting principles such as pricing, budgeting, cost control, payroll and cash flow. With chapters on financial statements, golf course operation schedules, breakeven analysis and operating budgets this is an invaluable tool for all owners, operators and managers of golf courses. In this indispensable book from the industry-leading American Management Association, financial expert John Hampton offers game-changing tips for dealing with the most important areas of financial decision-making.

Filled with strategies, principles, and measurement techniques, The AMA Handbook of Financial Risk Management shows readers how to categorize financial risks, reduce risks from cash flow and budget exposures, analyze operating risks, understand the interrelationship of risk and return, manage risks in capital investment decisions, determine the value of common stock, and optimize debt in the capital structure.

Engaging and detailed explanations and practical applications enable anyone involved in the financial management of an organization to recognize the factors at stake and the solutions that would produce the best organizational outcomes.

Managing financial risk boils down to understanding how to reduce a complex business environment into workable concepts and models. This strategic guide shows you how to make these individual decisions with the big picture in mind.

Developed over 20 years of teaching academic courses, the Handbook of Financial Risk Management can be divided into two main parts: risk management in the financial sector; and a discussion of the mathematical and statistical tools used in risk management.

This comprehensive text offers readers the chance to develop a sound understanding of financial products and the mathematical models that drive them, exploring in detail where the risks are and how to manage them.

This fully updated second edition includes brand new content on connections diagrams, new case studies, and new instructional videos, and a completely new section devoted to the interdisciplinary nature of financial planning. You'll gain insights from diverse fields like psychology, behavioral finance, communication, and marriage and family therapy to help you better connect with and guide your clients, alongside the detailed financial knowledge you need to perform to the highest expectations as a financial planner.

The only official CFP Board handbook on the market, this book contains over ninety chapters that are essential for practitioners, students, and faculty. Whether a practitioner, student, or faculty member, this guide is the invaluable reference you need at your fingertips.

Are there any other matters that should be brought to the attention of the Review Group? Global Governance Corporate governance is a concept that has affected most developed and developing countries. The Organisation for Economic Cooperation and Development has prepared an inclusive set of corporate governance principles that seeks to take on board the key elements of this topic.

This is particularly important in emerging democracies where the concept of registered companies may be less developed. The principles are as follows: 1. The corporate governance framework should ensure the equitable treatment of all shareholders, including minority and foreign shareholders. All shareholders should have the opportunity to obtain effective redress for violation of their rights.

With this in mind they have addressed the Canadian governance context by issuing 14 guidelines that cover: 1. Stewardship of the company Which covers the strategic planning process, management of principal risks, succession planning, communications policy, integrity of internal controls.

Board independence Where the majority of directors should be independent. Individual unrelated directors Where the concept of unrelated directors is addressed. Nominating committee For nominating and assessing directors. Orientation and education of directors For new recruits to the board. Effective board size The adopted size should ensure effective decision making. Committee of outside directors These should normally consist of outside directors. Approach to corporate governance Every board director is responsible for developing the approach having considered these guidelines.

Position description Corporate objectives for the CEO should also be developed. Board independence Where board structures and chairing arrangements should promote independence.

Audit committee Comprised only of outside directors with oversight of internal control and direct links with internal and external audit.

Outside advisors These should be engaged where appropriate. The guidance is based around ten principles: 1. Lay solid foundations for management and oversight. Structure the board to add value. Promote ethical and responsible decision-making. Make timely and balanced disclosures. Respect the rights of shareholders. Recognize and manage risk. Encourage enhanced performance. Remunerate fairly and responsibly.

Recognize the legitimate interests of stakeholders. Principle seven means the company should establish a sound system of risk oversight and management and internal control. Not least is the need for companies registered on the New York Stock Exchange to have an internal audit function, and that the audit committee must provide oversight of internal audit and meet separately with the internal auditor. The US experience has provided sound links between governance disclosures, risk management and internal controls.

This is because Section disclosures include the control framework in use that is established by an authoritative body and which has been released for public comment. Meanwhile, any investigation by the SEC of a registered company will start with an examination of the risk management process in use and in turn the type of control framework that is being applied by the company.

Stakeholder control of the business. Maximum and reliable public reporting. Avoidance of excessive power at the top of the business. A balanced board composition. A strong involved board of directors. A strong, independent element on the board. Effective monitoring of management by the board. Competence and commitment.

Risk assessment and control. A strong audit presence. Directors are expected to display a certain amount of skill and exercise reasonable care in the performance of their work. And at the same time be independent of the executive board members and protect the interests of all major stakeholders. No mean feat. The IoD have noted the contribution of NEDs: There is no legal distinction between executive and non executive directors.

The contribution of NEDs can help to raise the level of discussion and improve the quality of decision-making on the board, thus increasing the chances of the company acting in the best interests of its long term security and prosperity. They should be spending part of their time visiting plants, talking to people at all levels and building up a picture of how the company is running.

The corporate governance model can be further developed to include an additional layer of accountability through the external audit process in Figure 2. The internal auditor The internal auditor, on the other hand, seeks to advise management on whether its major operations have sound systems of risk management and internal controls.

External audit will arrive at an opinion using the criteria in Figure 2. In this way the external auditor will form an opinion on the accounts based on the adopted position.

Note, however, that there is an increasing number of contracted-out internal audit functions where the internal audit service is provided by an external body. It is important to get this concept clearly in mind and the illustration in Figure 2.

The three key elements of this model are: 1. The internal auditor will also cover these systems as part of the audit plan. Overall risk management arrangements are the main preoccupation of the internal auditor who is concerned with all those controls fundamental to the achievement of organizational objectives.

This applies to some external auditors in the public sector e. It is possible to outline the key differences in Table 2. We can now discuss some of the ways that may be used to foster greater co-operation, which include: A common audit methodology A close co-operation can result from adopting a common approach to audit work. Joint training programmes Fully integrated training programmes, as an ideal, are not possible due to the different nature of the two audit functions.

A policy of joint training can nonetheless be applied so long as this is limited to general audit techniques. Harmonization of the planning task is fundamental in this respect. There are several levels to which audit planning may be interfaced as Figure 2. At the extreme it can result in one planning document being prepared for the organization.

Things have moved on and, like all business professionals, external audit has been swept up into the risk tide. Move from audit to business assurance service.

The importance of an effective dialogue between corporate bodies and external stakeholders has become a key concern in the business community and there is a growing interest in seeking to improve this communication. The WorldCom and Enron examples show the fallout where the misstatements hit the billions mark. This is where the external audit comes into play—to independently check that what appears to be true is in fact true. The appointed chair has no authority or inclination to redress this imbalance.

There is little open communication between the board and with managers and employees. Moreover, where the auditor asked too many questions, they are simply replaced. The true position is that the external auditor uses samples for testing and the external audit can only provide a reasonable expectation that frauds, errors, insolvency, abuse and problems that have a material effect on the accounts may be uncovered. The Audit Commission The Audit Commission is the other big independent government external auditor and covers local authorities and NHS bodies, in contrast to central government organizations.

Like the NAO it also has responsibility to promote improvement in value for money in public services. The Audit Commission produced a new Code of Practice in March building on the Audit Commission Act and the Local Government Act which addressed the statutory responsibilities and powers of appointed auditors.

There is an ongoing review of auditor independence and the issue of non-audit fees and whether they should be further restricted. We are in a state of continuous review as report after report analyses the rules and practices that promote better auditor independence, or help improve the perceived state of independence of the external audit process. The audit committee (AC) is a standing committee of the main board and tends to consist of a minimum of three non-executive directors (NEDs).

Most audit committees meet quarterly and they are now found in all business and government sectors for larger organizations. We would hope that the audit committee is now providing another layer of stakeholder comfort in the search for good corporate governance and allows us to add to our growing model in Figure 2. Groundbreaking work was performed in the US by the Blue Ribbon Committee in who prepared ten key recommendations on improving the effectiveness of audit committees: 1.

No relationship with the company that will impair independence. NYSE and NASD charters of listed companies specify that external audit is accountable to the board and AC who have the ultimate authority to select, evaluate and replace the external auditor. Even in smaller companies, their presence is recommended by many businesses—which some see as a substitute for an internal audit function. The Role of the Audit Committee An audit committee will be established by the main board to perform those duties that the board decides should be properly allocated to this specialist forum.

The external audit process To review the external audit process and make recommendations to the board where appropriate. Systems of internal control To consider the adequacy of systems of internal controls.

Internal audit Involvement in the appointment of the internal auditors and ensuring that the internal audit function operates to professional standards, performs well and discharges its responsibilities under the audit plan and strategy. Risk management The audit committee will ensure that there is an effective system of risk management within the organization and that this system supports the controls which, in turn, provide a reasonable expectation of achieving organizational objectives.

Also ensure that the organization is able to prevent, detect and respond to fraud and allegations of fraud. In the UK internal audit, while strongly encouraged, is not mandatory although audit committees are required. The internal auditor needs to have regard to their audit committee and appreciate that this group forms a key customer. One key area in which internal audit has a dominating expertise is in applying control models to an organization, and it is here that the CAE may help the audit committee understand the use and design of control models on which to base any view of internal controls that they might recommend to the main board.

Many internal audit shops have a dotted line responsibility to the audit committee. This is pretty much the language of the NEDs as well as the executives on the board members. The IIA has posted material on its website on Internal Auditing and the Audit Committee: Working Together Toward Common Goals, which concluded that: The tasks, responsibilities, and goals of audit committees and internal auditing are closely intertwined in many ways.

The audit committee has a major responsibility in assuring that the mechanisms for corporate accountability are in place and functioning. Clearly, one of these mechanisms is a solid, well-orchestrated, co-operative relationship with internal auditing. Code provisions D. There is much guidance to turn to for help in reinforcing the internal audit position.

Senior management and the board may desire objective assurance and advice on risk and control. An adequately resourced internal audit function or its equivalent where, for example, a third party is contracted to perform some or all of the work concerned may provide such assurance and advice. There may be other functions within the company that also provide assurance and advice covering specialist areas such as health and safety, regulatory and legal compliance and environmental issues.

Such an increase in risk may also arise from internal factors such as organizational restructuring or from changes in reporting processes or underlying information systems. Other matters to be taken into account may include adverse trends evident from the monitoring of internal control systems or an increased incidence of unexpected occurrences. Where there is an internal audit function, the board should annually review its scope of work, authority and resources, again having regard to those factors.

Moreover the internal auditor can be the best friend of the audit committee and perhaps one of the few parties that can be relied on to give impartial and reliable advice and information. Figure 2. Looking at each part of the model in turn: 1. Corporate governance codes: These are essentially the codes, guides, regulations and standards that, apart from family-run concerns, cover most larger organizations. Corporate structures: The governance structures and processes include all those arrangements to ensure compliance with the governance codes.

This also includes disclosures on compliance with corporate governance codes, risk management arrangements and a statement on internal control. Internal control framework: We deal with internal control in Chapter 4. This provides a road map regarding the control environment, how people relate to each other and communicate, corporate structures and governance processes mentioned above. Risk management: Within the context of the control framework, the organization should employ a process for identifying, assessing and managing risk.

Note that risk management is covered in Chapter 3. One major component of this strategy is appropriately derived internal controls that seek to mitigate unacceptable levels of risk. Corporate strategies and review: The strategy for managing risk and ensuring controls do the job in hand should then be incorporated into an overall strategy that drives the organization towards the achievement of its objectives. The entire process should be directed, assessed, reviewed and improved in conjunction with a formal performance measurement system.

The three big parts—governance, risk management and control—form an entire system that provides for effective performance and stakeholder accountability. If the board is in control of their business and they are adhering to all appropriate standards then stakeholders can take comfort in this fact. This alone does not guarantee success, but it does mean that there is a reasonable chance that the organization will maintain, if not exceed, market expectations. To underline the need to be in control, the published annual report for companies listed on the stock exchange and most public sector or bodies should include a statement of internal control.

This statement is a bottom line item, which is derived from the complicated arrangement of systems, processes and relationships established within the organization. If these controls drive the organization forward and also tackle all known risks that threaten this positive direction, then there is a good system of internal control in place.

The Turnbull report includes a set of questions that the board may wish to discuss with management when considering reporting on internal control and carrying out its annual assessment. The internal and external auditors also provide a major input as does the audit committee. Moreover, the statements may also incorporate a consideration of whether the controls are being applied as intended and that they are reliable. The fully built model of corporate governance that we have been developing in this chapter is set out in Figure 2.

It should act as a window between the outside world and the organization so that interested users can peer through this window and get a clear view of the way management behave and their performance, with no chance of skeletons being hidden in the closet. The committee should also seek to ensure management are equipped to install effective risk management and controls in the organization.

The published annual report should comment on the systems of internal control in place to manage internal and external risk. Performance should be measured and managed in a balanced and meaningful manner. They should also underpin the human resource management systems e. All employees should be encouraged to report all actual and potential risks to the business, customers and stakeholders, and positive action should be taken by management as a result.

Commitment is the embodiment of corporate governance values into the hearts and minds of everyone connected with the organization. There are many organizations who send bold statements on the need for, say, better risk management but then fail to provide training, resources or space to enable people to do something about any gaps.

Performance, conformance, accountability, commitment and capability are the key drivers for ensuring an enthusiastic response to corporate governance. There are calls from all quarters to maintain this pressure to improve, develop and progress corporate governance arrangements as far as possible.

Summary and Conclusions The corporate governance debate is ongoing. The various codes and guidance that have been prepared throughout the world tend to build on what is already available. New codes have the advantage of recent information on what is working well and where there are still problems matching the theory with real life. As soon as we present the latest position on codes of practice, they are overtaken by a new version which is more inclusive and generally more comprehensive.

International codes are coming together to form a common understanding of how corporate, commercial and public life should be conducted. Chapter 2: Multi-Choice Questions Having worked through the chapter the following multi-choice questions may be attempted. Insert the missing words: The main driver for corporate governance is based on the.

Which item is the least appropriate? There are seven standards in the Nolan code of public conduct: a. Objectivity and accountability.

Openness and honesty. Leadership and acumen. Cadbury went on to describe the underpinning principles behind the code: a. The Organisation for Economic Cooperation and Development has prepared an inclusive set of corporate governance principles. Principle number one: a.

The corporate governance framework should promote transparent and failsafe markets, be consistent with the rule of law and clearly articulate the division of responsibilities among different supervisory, regulatory and enforcement authorities.

Insert the missing words: The Toronto Stock Exchange believes that good disclosure gives investors a solid understanding of how. Which is the odd one out? The United States has been at the forefront in setting standards for regulating registered companies.

Insert the missing words: Many internal audit shops have a dotted line responsibility to the. While bearing this in mind, the internal auditor should also ensure there is a clear relationship between the CAE and the executive board.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. We need to understand risk and we need to appreciate the importance of risk management to an organization. Good corporate governance codes require the board to install a system of risk management and tell their shareholders about this system.

This chapter addresses the concept of risk. We consider some of the material that has been written about risk and introduce the risk cycle as a way of understanding how risk management works. We touch on important aspects of the risk management system relating to risk policies and concepts such as enterprise-wide risk management and control self-assessment.

They go on to describe the paradigm shift that enables this leap from stage two to stage three, and argue that: The implications of this paradigm shift are enormous. It turns the focus of the audit away from the past and present and toward the present and future. Focusing on controls over transactions buried the internal auditor in the details of the past, limiting the value from any information derived.

By focusing on business risks to present and future transactions, the auditor is working at a level above the details and dealing with the obstacles for organisation success.

The information derived from such exploration has great value to the management governance team. In an attempt to get behind risk management we cover the following ground in this chapter: 3. We need go no further than the work of Peter L. In this sense, risk is a choice rather than a fate. The actions we dare to take, which depend on how free we are to make choices, are what the story of risk is all about. The stewardship concept underpinning corporate governance forces management to seek out risks to the business and address them, where appropriate.

Peter L. They had no choice but to begin making decisions over a far wider range of circumstances and over far longer periods of time than ever before. Also, the key feature of this challenge is that it appears when a major decision has to be made.

Risk has no real form unless we relate it to our own direction, that is what we are trying to achieve. It is the risks to achieving objectives that affect us in that they detract from the focus on success and stop us getting to the intended result. We may add to the risk model and incorporate this feature into the existing dimensions in Figure 3. In this way the impacts become the effect the risks have on the objectives in hand.

Poor systems hide the objectives outside the model or as something that is considered peripheral to the task of assessing the impact of the risks. In reality it is not as simple as this. The act of setting objectives in itself is based on real and perceived risks, that is some uncertainty about the future.

In recognition of this, we can adjust slightly our risk model to make the risk component interactive—in that the objectives are themselves set by reference to the uncertainty inherent in organizational climate in Figure 3.

The other concept that needs to be considered is that risk, in the context of achieving objectives, has both an upside and a downside. In our model we call these threats and opportunities. That is, it can relate to forces that have a negative impact on objectives, in that they pose a threat. Upside risk on the other hand represents opportunities that are attainable but may be missed or ignored, and so mean we do not exceed expectations.

It is more about moving outside of familiar areas and knowing when and where to take risks. This is quite important in that if we view controls as means of reducing risk, we can now also view them as obstacles to grasping opportunities. So risk management is partly about getting in improved controls where needed and getting rid of excessive controls where they slow proceedings down too much.

In other words, making sure controls are focused, worth it and make sense. The review process may identify areas of opportunity, such as where effective risk management can be turned to competitive advantage.

To incorporate this feature into our risk model we need to add a separate box that provides a grid of likelihood and impact considerations regarding the effect of the risk on the set objectives in Figure 3. Having established the two aspects of risk, we can start to think about which risks are not only material, in that they result in big hits against us, but also whether they are just around the corner or kept at bay.

Since risk is based on uncertainty, it is also based on perceptions of this uncertainty and whether we have enough information to hand.

Where the uncertainty is caused by a lack of information then the question turns to whether it is worth securing more information or examining the reliability of the existing information. Uncertainty based on a lack of information that is in fact readily available points to failings in the person most responsible for dealing with the uncertainty. There is much that we can control, if we have time to think about it and the capacity to digest the consequences.

We are close to preparing the risk management cycle and incorporating this into our original risk model. It is essential that there be openness of communication by management with the board on matters relating to risk and control. Business risk is really about these types of issues, and not just the more well-known disasters, acts of God or risks to personal safety. This should revolve around the two-dimensional Impact, Likelihood considerations that we have already described earlier.

Review The entire risk management process and outputs should be reviewed and revisited on a continual basis. This should involve updating the risk management strategy and reviewing the validity of the process that is being applied across the organization. The above cycle is simple and logical and means clear decisions can be made on the types of controls that should be in place and how risk may be kept to an acceptable level, notwithstanding the uncertainty inherent in the nature of external and internal risks to the organization.

Most risk management systems fail because the process is implemented by going through the above stages with no regard to the reality of organizational life. Managers tick the box that states the stages have been gone through and eventually the board receives reports back that state risk management has been done in all parts of the organization.

Our risk models will have to be further developed to take on board the many intricacies that have to be tackled to get a robust and integrated system of risk management properly in place. Our latest risk model becomes Figure 3.

We have developed ten measures for addressing risks that have already been assessed for impact and likelihood, in the bottom left box of our model. Each of the ten responses (5Ts and 5Cs) is numbered and can be located within the appropriate part of the Impact/Likelihood Grid in the bottom right of the risk model.

For example, where we have assessed a risk as high impact but low likelihood, we may want to transfer or spread some of this risk to an insurer as a suitable response (in this case number 3).

The responses are further described: 1. Terminate Here, where the risk is great and either cannot be contained at all or the costs of such containment are prohibitive. Controls One of the principal weapons for tackling risks is better controls. Note that this is the subject of the next chapter. Transfer Where the risks are assessed as high impact but low likelihood, we may wish to adopt a strategy of spreading risk, wherever possible. Contingencies A useful response to risk that is again high impact, low likelihood is based around making contingency arrangements in the event the risk materializes.

Take more: One dimension of the risk management strategy is derived from the upside risk viewpoint.

Risk management is about knowing where to spend precious time and knowing where to spend precious resources. The 5Ts and 5Cs model provides a wide range of techniques for developing a suitable risk management strategy in the bottom right corner of Figure 3.

The subject of risk registers has a very interesting past. Project managers have used them for a long time as they assess risks at an early stage in a large project and enter the details in a formal record which is inspected by the sponsors.

More recently, they have come to the fore as an important part of general business risk management. Moreover, the registers may form part of the assurance process where they can be used as evidence of risk containment activity, which supports the statement of internal control. Risk registers can be attached to this process to record the above stages and end up with both a record and action plan.

The register in our model in Figure 3. An elementary diagram forms the basis for a consideration of risk appetite in Figure 3. We need to turn once again to Peter Bernstein for an authoritative view on risk appetites. As we grow older, wiser, richer, or poorer, our perception of risk and our aversion to taking risk will shift, sometimes in one direction, sometimes in the other.

The contrasting positions are that the board sets a clear level of tolerance and tells everyone inside the organization; or that people are empowered to derive their own levels based around set accountabilities. Although many people associate risk with loss of assets, the concept is viewed by the auditor as much broader.

Funds will move in accordance with the level of risk that they are attracted to, so long as this level has been properly communicated to all interested parties. Risk appetite varies between organizations, between departments, between sections and teams and, more importantly, between individuals.

If risk tolerance throughout an organization hovers at different levels with no rational explanation, then we may well experience problems. Where the entire organization has a high risk tolerance, then it will tend not to install too many controls, particularly where these controls are expensive.

One model used to assess risk appetite uses the scale in Figure 3. Much confusion results from mixing gross and net risk. Risk, before we have put in measures to deal with it, is gross, or what we have called inherent risk. Risk that has been contained, so far as is practicable, is net, or what we have called residual risk. A high risk occupation such as an astronaut may in practice be relatively safe because of the abundance of controls in place for each journey.

The risk tolerance for space exploration agencies may be near on zero, with a focus on controls and quality assurance routines and numerous tests of these controls. Attitudes to risk tolerance become even more important when we consider the responsibilities of an organization to its stakeholders. But, they will also need to understand the way the organization behaves towards risks.

While companies need to work out their view on risk, it is much the same for government bodies. The NAO has reviewed risk management in government bodies along with the need to support innovation.

This may inhibit innovation in the way government services are designed, resourced and delivered. It is in this type of environment that it becomes hard to develop consistent messages about risk tolerance. The Turnbull report contains a reminder that board expectations must be made clear throughout the company.

A focused board with a well-considered strategy that is properly implemented, reviewed and further developed is the foundation for establishing risk tolerances that actually make sense to all managers and employees. Without these prerequisites there will always be problems where the concepts of accountability and blame become confused. One dynamic method of developing corporate risk appetites is to start with the board.

If the board carry out a risk assessment to isolate their top ten risks then this reasoning may form the basis for categorizing risks throughout the organization which could then form the basis for developing risk registers at senior and middle level management. In some organizations, risk assessment workshops are set up for key teams as a response to the trend towards CRSA programmes, often on the back of recommendations from the auditors or an external consultant.

This annual exercise appears to be enough to satisfy the auditors, and someone within the organization attempts to place the risk registers onto a database and eventually prepares summary reports for top management and the board. Better models use a key to highlight high impact, high likelihood (perhaps indicated in red), which then triggers a rapid response from the board who will want to know that action is being taken to handle key exposures.

The board then reports that it has reviewed the system of internal control, partly through the use of the risk management process as described. We could go on, where risk workshops or risk reviews based on survey or interviews are derived from an incomplete model of the risk management system.

As a result, we have developed our risk model to incorporate further dimensions that seek to counter the negatives listed above, as Figure 3. The board make a statement on the systems of internal control in the annual report and it is the board that reports that this system has been reviewed.

The King report from South Africa makes this point crystal clear: The board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process. Management is accountable to the board for designing, implementing and monitoring the process of risk management and integrating it into the day-to-day activities of the company.

These policies should be clearly communicated to all employees to ensure that the risk strategy is incorporated into the language and culture of the company. Turnbull represents aspirations that may not always be matched in practice. We are engaged in a continual search for better business practice.


