Professional Documents
Culture Documents
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
Course Description:
Governance, Business Ethics, Risk Management and Internal Control Accounting aims
to equip accountancy students the basic knowledge, skills and perspective that are
necessary in facing the challenge in the continuously changing business environment
whether it be in the public practice sector, accounting practice, internal audit or
accounting information system management.
Introduction
Learning Objectives
1
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
Content/Discussion
The willingness and readiness to take personal and financial risks is a defining characteristic of
the entrepreneurial decision maker. In late 90’s a study commissioned by an internationally
known accounting firm found that while in continental Europe strategies focus on avoiding and
hedging risk. Anglo-American companies view risk as an opportunity and accept risk
management as necessary to achieving their goals. In 2017, this relative attitude to risk among
European and US companies remains broadly the same, the result of long-standing cultural
experiences and history as well as recent events.
Successful businessmen and decision-makers make sure that the risks resulting from their
decisions are measured, understood and as far as possible eliminated. They also go beyond the
direct financial perspective and actively manage risk as it affects the whole organization.
Accepting the risks exist is a starting point for the other actions needed, but the most important
is to create the right climate for risk management. People need to understand why control
systems are needed; this requires communication and leadership, skills so that standards and
expectations are set and clearly understood.
Identification of significant risks both within and outside the organization is crucial and allows to
make informed decisions. This makes it easier to avoid unnecessary surprises. Examples of
significant risks might be the loss of a major customer, the failure of a key supplier or the
appearance of a significant competitor.
Consider the human factor into account. People behave differently and inconsistently when
making decisions involving risk. They may be exuberant or different, overconfident, or overly
concerned. They may simply overlook the issue of risk.
Risk surrounds and continues to be with us. A former British primer minister once said: “To be
alive at all involves some risk.” When identifying risks, it helps to define the categories into
which they fall. This allows for a more structured analysis and reduces the chances of a risk
being overlooked. Some of the most common areas of risk affecting business are shown in
Table 12.1.
2
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
As earlier mentioned, the usual first step is to determine the nature and extent of the risks the
business will accept. This involves assessing the likelihood of risks becoming reality and the
effect they would have if they did. Only when this is understood can measures be taken to
minimize the incidence and impact of such risks.
3
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
There is also an opportunity cost associated with risk: avoiding a risk may mean avoiding a
potentially big opportunity. People can be too cautious and risk averse even though they are
often at their best when facing the pressure of risk deciding to take a more audacious approach.
Sometimes the greatest risk is to do nothing.
Once risks are identified they can be ranked according to their potential impact and the
likelihood of them occurring. This helps to highlight not only where things might go wrong and
what their impact would be, but also how, why and where these catalysts might be triggered.
The five most significant types of risk catalyst are as follows:
Technology. New hardware, software or system configurations can trigger risks, as can
new demands on existing information systems and technology. In early 2010, Metro
Manila Development Authority Chair introduced a congestion change for traffic using the
center of the city; the greatest threat to the scheme’s success (and his tenure as chair)
was posed by the use of new technology. It worked and the scheme was widely seen as
a success.
Organizational change. Risks are triggered by, for example, new management
structures or reporting lines, new strategies and commercial agreements (including
merges, agency or distribution agreements).
Processes. New products, markets and acquisitions all cause change and can trigger
risks. The disastrous launch of “New Coke” by Coca-Cola was an even bigger risk than
anyone at the company had realized; it outraged Americans who felt angry that an iconic
US product was being changed. That Coca-Cola eventually turned the situation to its
advantage shows that risk can be managed and controlled, but such success is rare.
People. Hiring new employees, losing key people, poor succession planning or weak
people management can all create dislocation, but the main danger is behavior:
everything from laziness to fraud, exhaustion and simple human error can trigger this
risk.
The stages of managing the enterprise-wide risk inherent in decisions are simple.
4
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
First, assess and analyze the risks resulting from a decision by systematically
identifying and quantifying them.
Second, consider how best to avoid or mitigate them.
Third, in parallel with the second stage, take action to manage control and monitor
the risks.
It is more difficult to assess the risks inherent in a business decision than to identify
them. Risks that lead to frequent losses, such as an increasing incidence of employee-
related problems or difficulties with suppliers, can often be solved using past experience.
Unusual or infrequent losses are harder to quantify. Risks with little likelihood of
occurring in the next five years are not important to a company focused on meeting
shareholders’ shorter-term expectations. Thus, it is sensible to quantify the potential
consequences of identified risks and then define courses of action to remove or mitigate
them.
Each category of risk can be mapped in terms of both likely frequency and potential
impact, with the potential consequences being ranked on a scale ranging from
inconvenient to catastrophic (see Figure 12.1)
Risk should be actively managed and given a high priority across the whole
organization. Risk management procedures and techniques should be well documented,
clearly communicated, regularly reviewed and monitored. To successfully manage risks,
you have to know what they are, what factors affect them and their potential impact.
If you plot the ability to control a risk against its potential, as shown in Figure 12.1, you
can decide on actions either to exercise greater control over the risk or to mitigate its
potential impact. Risks falling into the top-right quadrant require urgent action, but those
in the bottom-right quadrant (total/significant control, major/critical impact) should not be
ignored because complacency, mistakes and a lack of control can turn the risk into a
reality.
5
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
Once the inherent risks in a decision are understood, the priority is to exercise control. All
employees must be aware that unnecessary risk-taking is unacceptable. They should
understand what the risks are, where they lie and their role in controlling them. To achieve this,
share information, prepare and communicate clear guidelines, and establish control procedures
and risk measurement systems.
6
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
7
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
8
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
9
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
10
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
11
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
12
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
13
CITY COLLEGE OF SAN FERNANDO
ACCOUNTING INFORMATION SYSTEM
GBERMIC – MODULE 12
KC GUTIERREZ, CPA
- - - end - - -
References:
14