Finance IV
SCHOOL OF ACCOUNTANCY
“Empowerment Solutions For Accountancy Professionals”
Enterprise Risk Management
Presented by
Mr. T Lunga
Learning outcomes
Explain the importance of integrating and standardising risk
1. King IV
Risk is about the uncertainty of events; including the likelihood of such
events occurring and their effect, both positive and negative, on the
achievement of the organisation’s objectives
3. CIMA
Risk is a condition in which there exists a quantifiable dispersion in the
possible outcomes from any activity.
Business vs Audit risk
What risk is an auditor concerned about?
Risk classification: timescale of their impact, nature of risk, source of risk,
nature of impact, etc.
E.g., the FIRM risk scorecard classified risks according to their impact
(financial, infrastructure, reputational and marketplace).
Common risk classifications: Strategic, Operational, Financial, Information,
Compliance, Reporting (COSO, SAICA), Hazard.
NB: adopt the classification system most suited to the organisation’s own
circumstances.
PESTLE risk classification system (Political, Economic, Sociological,
Technological, Legal, Ethical/Environmental)
What’s key for assessment purposes?
Identify risks
Explain why they are risks
Explain the likely impact
Develop appropriate risk responses
Risk Classification (Module)
[Diagram: RISK CATEGORIES - Strategic, Operational, Reporting, Information, Financial, Hazard, Compliance]
Risk Classifications - Explanation
face because of the regulatory regime that they operate in (political;
legal/litigation; regulatory; compliance risk).
Business risk - is the risk businesses face owing to the nature of
their operations and products (strategic; product; commodity price;
product reputation; operational; contractual inadequacy; fraud &
employee malfeasance risk).
Economic risk - is the risk that changes in the economy might
affect the business.
Financial risk - is the risk of a change in a financial condition such
as an exchange rate, interest rate, credit rating of a customer, or
price of a good (credit; political; currency; interest rate; gearing risk).
Technology risk - is the risk that technology changes will occur that
either present new opportunities to businesses, or on the down-side
make their existing processes obsolete or inefficient (Cyber Risk?).
Risk Classification - Explanations
Environmental risk - is the risk that arises from changes in
new legislation covering one of their products; and
the bank asking for their loan to be repaid immediately since the company failed to pay
their most recent instalment after the interest rate rose.
Which categories of risk are they best described by?
3. Miney plc ("Miney") is a global company – incorporated in the USA – that extracts
valuable minerals from the earth. Mining is a risky business with a death toll
averaging 100 deaths per annum in the USA alone. Miney has recently had a coal
mine collapse killing two men and trapping four others for three days. The
accident made the national news each day and Miney became a household
name. Miney is financed purely by equity and has a large cash balance and no
debt. It has come to the attention of the Board that the future price of coal is
forecast to fall, as renewable energy sources become more reliable. What risks
are more critical for Miney to assess?
Risk Management
Process which aims to help organisations understand,
directors, management and other personnel, applied
in strategy setting and across the enterprise,
designed to identify potential events that may affect
the entity, and manage risks to be within its risk
appetite, to provide reasonable assurance regarding
the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
nt effect
Quality problem | Product recall; customer defection/attrition/turnover | Financial losses
Environmental pollution | Bad publicity; customer disfavour & defection; court action; fines | Financial losses
Health & safety injury | Bad publicity; worker compensation claims; workforce dissatisfaction; statutory fines | Human suffering; Financial losses
Fire | Harm to humans; loss of production and assets | Human suffering; Financial losses
Computer failure | Inability to take orders, process work or issue invoices; customer defection; loss of production, etc. | Financial losses
Political risks | Foreign government appropriates assets; prevents repatriation of profits | Financial losses
Traditional RM vs Enterprise RM
Traditional RM | Enterprise RM
Focuses solely on risks that can be insured, | Accounts for insurable hazards along with any other risk an organisation faces that no amount of money can remedy
Reactive and sporadic risk management that takes place only after an incident has happened to prevent it from reoccurring | Proactive and consistent risk management that attempts to predict potential events before they happen
Risk-averse mindset, viewing risks only as something that can cause the organisation to lose money | Risk-taking mindset, where the downsides and upsides of risks are considered
Fragmented or siloed approach where each department manages risk independently | Integrated and holistic approach where risk management is coordinated throughout the business
Risks are mitigated based on each silo’s expertise and decision-making skills with a one-dimensional assessment | Risks are mitigated in line with an ironclad multi-dimensional strategy on an enterprise-wide level
Disjointed activity with no connection to strategic objectives and little awareness of risk across the organisation | Risk is embedded as a culture and ingrained as a valuable decision-making tool to ensure business success
General Concepts/Terminology
Risk Management Philosophy
Reflects the culture, values and experience
Determines to a large extent how risk is managed
Reflects willingness to take risk. (Risk appetite)
Risk Management Policy
Statement of the overall intentions and direction of an organisation related to risk
management
Informed by the entity's risk profile, appetite for risk, loss tolerance levels, regulatory
compliance expectations, safety and health demands, sustainability management,
corporate governance requirements etc.
Risk Maturity
Quality of risk management framework
Score the risk management process against best practices
Different models with different levels
Identify areas for improvement
Risk Management Plan
Risk Appetite
Risk Tolerance
Inherent vs Residual risk
Risk Governance – King IV
Principle 11: The governing body should govern risk in a way that
supports the organisation in setting and achieving its strategic
objectives.
Recommended practices - The governing body should:
Assume responsibility for the governance of risk
Treat risk as integral to the way it makes decisions and executes its duties
Approve policy that articulates and gives effect to its set direction on risk
Approve the organisation’s risk appetite and risk tolerance levels
Delegate the responsibility to implement and execute effective risk
management to management
Exercise ongoing oversight of risk management
Consider the need to receive periodic independent assurance on the
effectiveness of risk management, etc.
Principle 8 [Committees of the governing body]
The governing body should consider allocating the oversight of risk
governance to a dedicated committee, or adding it to the responsibilities
of another committee
Principles of Risk Management [ISO 31000]
Risk management:
be:
Proportionate to the level of risk within the
organisation
Aligned with other business activities
Comprehensive, systematic and structured
Embedded within business procedures and
protocols
Dynamic, iterative and responsive to change
[This provides the acronym PACED]
Risk Management Process [ISO 31000:2018]
Risk Assessment
Risk assessment is the overall process of risk identification, risk
analysis and risk evaluation
Should be conducted systematically, iteratively and collaboratively
Risk Identification purpose: to find, recognise and describe risks
that might help or prevent an entity from achieving its objectives
Risk Analysis purpose – to comprehend the nature of risk and its
characteristics including, where appropriate, the level of risk. It
involves a detailed consideration of uncertainties, risk sources,
consequences, likelihood, events, scenarios, controls and their
effectiveness.
Risk Evaluation purpose – to support decision making. Involves
comparing the results of the risk analysis with the established risk
criteria to determine where additional action is required
Tools & techniques: Questionnaires and checklists, workshops and
brainstorming, inspections and audits, flow charts and
dependency analysis
Models – SWOT, PESTLE, Porter’s Five Forces, etc
Risk Treatment
Purpose – to select and implement options for addressing risks
[Risk matrix: IMPACT (Negligible, Low, Medium, High, Extreme) against PROBABILITY or LIKELIHOOD (0 – 10%, 10 – 25%, 25 – 50%, 50 – 90%, 90 – 100%)]
Assessment Possibilities
Exam/Test possibilities might include:
Critically assess/evaluate an organisation’s risk
management programme or process
Identify and describe risks and propose appropriate
mitigating/treatment plans
Describing a risk:
Identify the risk trigger
Explain the risk/concern (why risk?)
Explain the likely impact on the organisation