Akila Gunarathna
Lecturer MBA(UK), ACMA, CGMA, ACCA Affiliate, B.Sc. Engineering (Hons), Dip in Banking & Finance (IBSL)
Code P3/AG/22
Risk Brief
Section 01
• 2 main Objectives of risk taking: To gain competitive advantage and to increase financial
return.
• Speculative Risk can be both upside and downside (Ex: Increasing gearing is speculative
as risk increases and tax benefit also increases).
• Risk: Expected impact of uncertain future events on objectives of the company.
• Business Risk can be Strategic, Product, Commodity, Product Reputation, Operational,
Contractual Inadequacy, fraud and false representation by employee.
• Economic Risk: Inflation, Unemployment, International trade, exchange rate, demand.
• Financial Risk: Credit Risk, Currency Risk, Interest Rate Risk, Gearing.
• Currency Risk: Transactional, Translational and Economic.
• Corporate Reputation Risk (Ethical Risk): Child labor, environment performance, social
performance, illegal immigrants.
• International Risk: Culture, Legal, Exchange Rate, Credit Control, Items in transit.
• A government increasing tax is a change in regulation: Regulation Risk.
• Critical Risk in insurance industry is Environmental Risk.
• Value at Risk (VaR): Maximum loss occurring within a given period of time with a given
probability. It quantifies Past volatility.
• Residual Risk may be accepted if management feels the company can bear the risk
(Compared with company’s risk appetite).
• Risk Register needs to be updated regularly (Monthly, Quarterly or yearly, but not
weekly).
• Risk Register content: Probability and likelihood of the risk, name of the risk owner, risk
mitigation technique, impact, residual risk, risk name, adequacy of the assurance.
• Purpose of Risk Register: Ensure that recognized risks are sufficiently managed.
• BOD define the Risk Appetite.
• Audit Committee: Risk Management and controls in the absence of risk committee.
• Risk Committee: Board committee directly responsible for risk management.
• Risk Management group: Handled at operational level, responsible for Raw material
processing and report to BOD via Audit committee.
• Internal Audit: Review Internal Controls (Doesn’t Implement controls).
• Employees: All should be aware of possible risks and communicate them to managers.
• Responsibility for Risk Management can’t be passed only to the risk manager; it is the
responsibility of all. Risk Management is part of overall business strategy.
• Risk Capacity: Amount of risk the company can bear
• Risk Attitude: Overall approach to risk
• Risk Appetite: Amount of risk an organization is willing to accept in pursuit of value.
Depends upon company’s reputation, nature of the product, background of BOD, change
in the market, etc.
• Risk Response strategies: Transfer, Avoid, Reduce, Accept, Diversification, Risk Pooling,
Risk Sharing, etc.
• Accepting Residual Risk doesn’t mean that company is reckless.
• Internal Controls: Can even be financial; for effective and efficient operations; for
compliance with laws and regulations.
• Requirement- Efficient conduct of business, safeguard assets, prevent and detect fraud
and error, accurate and complete, timely preparation of financial information.
• COSO model components- Control environment (Culture and organization structure),
Risk assessment (Controllable? Internal or External), Control activities (Authorizing,
Policies and procedures), Monitoring (Internal Audit), Information and communication.
• Internal Controls are embedded in operations, includes procedures for reporting
controls and the ability to respond to changing risks within and outside the company.
• Internal Controls are the methods to respond to risk (risk reduction, not risk
elimination).
• Sound Internal Controls will provide a reasonable assurance on achieving its business
objectives.
• In divisional organization structure, power is delegated to divisional heads while in
functional organization structure power lies with the head office (Should always report
to Head Office).
• Controls can be
-Detective (Audits, Bank reconciliation, inventory counts)
-Preventive (Segregation of duties, Physical access controls)
-Directive (Job description, training, policies)
-Corrective (Credit notes issue, reprocess Internal Controls)
• S-Segregation of duties
• P-Physical controls
• A-Authorization and approval (Segregate to 2 layers)
• M-Management Control (BOD review bi-annually or quarterly, Cross functional teams
review monthly or weekly)
• S-Supervision (Oversight of work – to make sure things don’t go wrong)
• O-Organization (Structure, delegations, teams, reporting lines)
• A-Arithmetic and Accounting (Calculations, Reconcile)
• P-Personal Controls (HR controls, Induction, Training, Recruitment, Non-Disclosure
Agreements)
• Ideal to segregate the duties between 3 people to Authorize, Handle the asset and
Record in the books.
• Non-functional Quantitative Controls- Balance Score Card, Activity Based Management,
Total Quality Management, Project Management controls, Key Performance Indicators.
• Non-functional Qualitative Controls- Physical controls, Strategic plans, Rules (Ex: UK
Bribery Act), Personal Controls, Incentives.
• Balance Score Card is a performance measurement system and Activity Based
Management is a costing and budgeting technique.
• Financial Internal Controls are used for Asset Safeguarding and Maintain Accounting
Records.
• In manufacturing, a good is considered as Work In Progress until it passes the Quality
Inspection Stage.