You are on page 1of 18

LITERATURE REVIEW This chapter will explore the underlying theories that govern financial control, corporate governance

and risk management non-profit making organisations with special emphasis to Churches. Financial Controls The term Financial Controls has traditionally been taken to refer to monetary controls. It should be recognised that an all-encompassing term is Internal Controls. This term includes both the financial and non-financial controls. The researcher shall use these terms interchangeably and these will be taken to mean the same thing. Shiraz N (1997) notes that in its broadest sense, Internal Controls refer to both administrative and financial accounting controls. Definitions The College at Brockport State University at its website defined internal control as comprising of the coordinate methods that the business adopts in safe guarding its assets. This is done through checking the accuracy and reliability of its financial accounting information, promoting operational efficiency and encouraging adherence to prescribed policies. The definition according to defines financial controls as a means by which an organisation‟s resources are directed, monitored and measured. This definition is an all-encompassing one because it extends beyond issues relating to the financial accounting function in an organisation. Van Breda (1979) defines financial controls as a set of related dollar denominated variables used by management to control an organisation, and the resources used by the organisation. The committee of Sponsoring Organisations (COSO) of the Treadway Commission defined Internal Controls as processes that are instituted and effected by an organisation‟s board of directors. This process provides some reasonable degree of assurance as the organisation endeavours to meet its organisational objectives. The definition extends to the effectiveness and efficiency of how the organisation executes its operations, the reliability of its financial reporting and the compliance with the laws and regulations. They note that internal controls do not provide obsolete assurance but reasonable assurance to the organisation‟s board.


Whilst the Internal Control definitions sited above are limited to safe guarding of an entity„s assets. c) Enable the entity to respond to changes taking place in its operating environment. the COSO definition extends to the achievements of objectives in the organisation‟s different functions. It goes on to include as part of internal Controls the safeguarding of assets against theft and unauthorised use acquisition or disposal. the achievement of their goals and their missions b) Helps. Internal Control is defined as a process that is designated to ensure effective and efficient operations whilst ensuring reliable financial reporting. According to the website www. the Committee of Sponsoring Organisations (COSA) of the Treadway Commission suggested that internal controls:a) Keep Organisations on course towards. In that process the organisation‟s reputation is damaged. This then depends on the risk profile of the entity and what is considers as acceptable or unacceptable to the entity and its stakeholders. Spencer Picket (2005) also alludes to the fact that poor controls lead to losses. He further advises put appropriate controls in place where there is a strong possibility of failure to achieve the Organisation‟s objectives. d) Enable the organisation to achieve its mission e) Promotes effectiveness and efficiency f) Reduces or minimises the risk of losing an asset. He however argues that controls cost scandals and failure. monitoring and evaluation of the controls. 2 . who are involved in the establishment. to minimise surprises. maintenance and monitoring of these variables. In addition to the definition offered by Van Freda (1977) on Internal Controls he notes the importance of people in the system. Spencer Pickett (2005) noted that the purpose of any control system was in order to maintain a certain status quo. He also notes the third aspect of the process rules and procedures that govern the establishment. g) Ensure that the financial reports remain reliable and that the entity complies fully with the laws and regulations.deffsnotes. According to Spencer Pickett (2005). This includes the entity‟s competitors. maintenance. As a result a cost/benefit analysis has to be done to determine whether it‟s worthwhile to implement such controls.

tasks. Included in these objectives is the ability of the organisation to safeguard its assets and resources. Objectives Inherent risks Control Strategy -------------------Achievements Source: The essential Handbook of Internal Auditing by K. or attachments as a result of unmanaged liabilities. operational. Spenser Picket (2005) The above diagram shows that organisations set clear objectives. These processes should generate reliable information which is not only timely but also relevant from both within and outside the organisation. According to the internal control model the organisation analyses and assess the inherent risks within the system. The organisation will also be able to respond appropriately to risks such as business. compliance and other risks which affect the organisations aim in achieving its objectives. 3 . Turnbull (2005) also notes that the internal controls ensure that both the internal external reports are of high quality. These aspects facilitate an organisation to effectively and efficiently execute its operations. H.Spenser Picket (2005) suggests that the purpose of any control system is to reach or attain a desired state or maintain that desired state. These are safeguarded from events such as fraud. that control is about achieving the organisational objectives managing risk and maintaining things in balance. behaviours and other aspects of an organisation. These control strategies are derived from a wider risk management strategy according to Picket S (2005). Turnbull (2005) also highlighted that internal control systems encompasses policies. financial. The author introduces a basic model of control in figure 1. loss. The author advocates. This can only be achieved through the maintenance of proper records and processes. after identifying them the organisation then formulates the control strategies. process.

Maintain and update the controls Management should ensure that the controls are secured always. 5. Evaluation Picket (2005) considers the application of internal controls as an important part of management skills and training. 6. 3. 2. Determine the need for controls It is the role of management to establish specific situation that require internal controls and then it response to that accordingly. Turnbull (2005) also notes that the board sets the control policy direction of the organisation whilst management implements the policies. Check the internal controls for correct application Picket (2005) notes that management and not the internal audit should be responsible for ensuring that the whole organisation adheres to the control as per the original intention and that they are not being by-passed. When implementing the controls management must consider the following:1. Design Suitable Controls Management should then design appropriate internal controls for implementation. Responsibilities According to the Turnbull. Implementation of these controls The tactical team in the organisation should then carefully implement the internal control processes. 4 . Within the organisation the controls ensure that the internal policies are also complied with. The internal control must be effective in controlling risk in the manner approved by the entity‟s board. the board of directors of an entity is responsible for the system of internal control (para 15). 4.The Turnbull (2005) report also notes that internal controls should assist in ensuring compliance with applicable laws and regulations.

Lastly how should the organisation plan in advance in order to address detected problems. How does management implement the specific measures that the organisation now understands? Management should have a feedback mechanism in place that assists in finding out if. In their article entitled “Internal Control is a good thing” Wooten et al (2005) summarises the unique problems encountered by religious organisations. Preventive These are controls out in place to ensure that a system functions as originally intended. 4. 5 . Wooten et al (2005) writing in the Business Management journal noted that a number of high profile financial mismanagement in religious organisations had brought financial control in religious organisations to the attention of the public. 2. despite the intervention of management. They suggested that every church should be concerned about the financial affairs of their organisation in relation to their management or their mismanagement. things are still wrong. particularly when the risk to the business is significant. Detective This control according to Picket (2005) is supposed to pick up transaction errors that have passed undetected in the system. They advised the church leadership to place the protection of the Church. 3. Corrective This type ensures that any problem identified is rectified accordingly. Directive This control according to Picket (2005) ensure that there is a clear direction and drive towards achieving the objectives stated.Types of Controls Picket (2005) categorised controls into four distinct classes. its members and staff on the high priority lists. These were as follows:1. Picket (2005) suggests that a combination of the above types is essential and this would address issues such as how management would get the right culture in an organisation to ensure that the risks are well appreciated and anticipated.

6 . This results in the leader paying little attention to the need of internal controls. policies and procedures established by the organisation to provide reasonable assurance that assets are safe guarded. these individuals may lack the necessary technical expertise and skill in the designing of internal controls and information systems development. Wooten et al (2005) are of the opinion that religious organisations believe that no one would purposely misuse or misappropriate the organisation‟s money. They correctly pointed out that the most financial programs of Churches are supervised and overseen by volunteer treasurers. Religious organisations generally trust their staff. Those religious organisations large enough to employ full-time accounting staff normally settle for book-keepers who have little analytical skills and training other than the daily accounting routines. Most religious organisations rely heavily on trust of their staff.They noted the over reliance of religious organisations on volunteer management services. Quite often than not. Concluding their perception of problems in religious organisations. Religious organisations are thus discouraged from implementing proper financial controls because of this misconception. the volunteer staff grow a tendency of less diligence about internal controls and the uses of cash. Wooten et al (2005) notes that the sense of trust and “higher calling” results in these religious organisations paying little attention on sound internal control policies. operations are efficient and effective and policies are adhered to. They note that there is little follow up or specific expectation by the donor. or finance committee. Wooten et al (2005) highlights the common misconception that internal controls are there primarily to prevent fraud. They point out that leaders belief internal controls are unnecessary because their staff are not under the same pressure or temptation as those befalling the traditional for-profit organisations as a result. They highlighted that without specific expectation or accountability concerning this cash. Definitions According to Wooten et al (2005) internal controls are defined as the structure. information is reliable. Wooten et al (2005) also suggest that religious organisations generally receive their donations in the form of cash. Internal controls provide the boundary around the organisation processes ensuring that things are rightly done.

The Wooten et al (2005) concurs with other authors on the traditional mechanism that may be applied in practice. These manuals covered areas such as accounting and finance. Picket (2005) retort that organisations should set corporate standards as a high level control. Strong internal controls will assist staff in making the right ethical decisions. According to Picket (2005) internal controls should be specific. They noted that internal controls protect both the individual and the organisation. also noted that internal controls function within an environment. This they termed the control environment which is governed and regulated by the leaders of that organisation. Implementing these might appear to be untrusting. the commitment of the leaders to excellence. They went on to describe the effects of the type of leadership to the type of internal controls implemented. Manuals assist in eliminating wrong interpretation of policies or any confusion that might arise on how things must be accomplished by the church employees. achievable. This will cascade from the Board which will formulate strong internal control policies and procedures down to the employees. Wooten et al (2005) refers to a survey that indicated that 24 per cent of churches have a written manual.Wooten et al (2005) drew attention to the general misconception that the main purpose of internal control is to prevent fraud. Manuals also assist in ensuring that there is consistent application of the practices of the organisation and that monies are handled consistently and without errors. The control environment included. results oriented and times. The real purpose of implementing sound controls is in order to prevent the staff from making errors or making questionable transactions. measurable. An organisation with a strong management philosophy operating style and structure will invariably have a strong control environment and strong internal controls. They advised that religious organisations should have formally documented financial policies and procedures. This allows the organisation to formally adopt agreeable processes for administration and standard reporting of financial activities. Wooten et al (2005). According to them this misconception actually discourages religious organisations from implementing internal controls and developing internal control policies. 7 . integrity and competency of the organisation. These include a written procedures manual.

and clear goals and procedures. contracts and related financial matters. Procedures on purchasing of goods and services acquired by the organisation. responsibility and authorisation. Supervisor also provides assistance to their subordinates. Picket (2005) point out that there should be clear reporting lines established links between accountability. Picket (2005) reported that traditional control mechanism include authorisation.The standards should cover at least the following areas:  Financial controls regulating. income and expenditure.    As part of the traditional controls. Churches should segregate the duties of authorisation. 8 . cash and banking. Standards covering the use of computerised system and security procedures. passwords for access to computers and other building security procedures. performance management. Human resources manual covering recruitment. Wooten et al (2005) notes that the segregation of incompatible duties is a key aspect of internal controls. Those that prepare bank reconciliations should be kept away cash receipts and disbursements. Supervisory controls ensure that staff is observed as they work by their first line manager. Another control mechanism is the implementation of physical access restrictions. Picket (2005) summarises this by stating that the segregation of duties control brings in more than one person during any one transaction. general accounting. The person who buys goods. These restrictions include the use of physical gates and locks. should not be in charge of keeping the records of the goods purchased. Those who prepare and post journal entries should not be given the responsibility of authorising payments as well. Compliance controls ensure that the organisation does its things in a proper and legal way. This is the process of granting permission on behalf of the company. Ethical code of conduct covering guidance on the treatment of gifts and hospitality. record keeping and custody. Wooten et al (2005) reported that 80 to 90 percent of the churches they surveyed reported having a finance committee and adopting an annual budget. discipline and grievance procedures. staff training and development. The churches adopted clear organisational structures.

This aspect is noted as the basics of much of the rationale behind the Cadbury Report. They noted that this reason formed the underlying foundation of the conduct of the board. (Organisation for Economic Co-operation and Development 2004) according to the website defined corporate governance as a term by which businesses are operated.Wooten et al (2005) emphasised the need to receive an annual audit from a qualified (2009) corporate governance is comprised of two major factors. processes or laws. consistency and transparency as they relate with the shareholders. According to his website. The performance system should be simple. the auditors are expected to make recommendations that strengthen the organisation‟s control system. The website www. flexible. regulated and controlled. Wooten et al (2005) concludes by highlighting the importance of the use of computerised accounting software necessary to track and report financial results. reliable. driven by the board. He notes that audit provide an assurance to the financial status of the organisation. 9 .techtarget.e. checks and balances. performance management is yet another key control necessary for organisation as it allows management to examine outputs and overall performances. i. b) The transactional relationships which deal with issues of disclosure and authority. Corporate governance is also about relationships among the leadership of an organisation and its stakeholders. According to Picket (2005). the relationships of management and investors and management performance incentives. He highlighted that an audit would allow for an independent assessment of the financial position of the organisation.applied-CorporateGovernance. Corporate Governance According to the Cadbury Committee (1992) corporate governances defined simply as a system by which companies are directed and controlled. reflect accountabilities and forward – looking based on the corporate vision. accepted by all. a) The long term relationships concerning controls.searchfinancialsecurity. In order to strengthen the internal controls systems of the organisation. that is. This is through set rules. the relationships sited above are adversarial resulting in an attitude of mutual suspicion.

Mohamed (2004) observes that when ownership is separated from control. As an extension to Mohamed (2004)‟s argument.Tarnation (2008) agrees with other authors on this topic by noting that corporate governance addresses how both the private and public sector in terms of the processes. Governance is also about the separation and segregation of ownership of an organisation and its control. systems and controls of these organisations. b) The quality of corporate governance also impacts on the organisation‟s ability to attract low cost capital. Tarantino (2008) also highlights the relationship between the various stakeholders of an entity. These are relationships between those who govern and the governed such as the board of directors. The usage of the resources ensure that societal needs are met. suppliers and customers. Mohamed (2004) notes that the quality of corporate governance is important since it directly impacts on the following:a) The effectiveness and efficiency in which the assets of an organisation are employed. the regulators and its community. He adds that it is about how the organisational resources are used to manage these institutions. Managers should therefore be empowered to make strategies and decisions that align the organisation to the changes in the environment. its employees. this researcher goes on to note that Religious organisations contribute to the social and spiritual needs of the society which will in turn lead to improved standards of living and a more stable political system. its shareholders. He notes that governance has to do with a legal and a regulatory framework. Citing the work by Gregory and Simms (1999). managers tend to irresponsibly pursue overly risky or imprudent projects. 10 . Importance of Corporate Governance According to Mohammed (2004) in his working paper. He notes that resources are scarce and that they will be deployed to those organisations capable of making use of those resources in the production of the goods and services. He further argues that society benefits from their existence. Effective corporation lower cost of capital by instilling confidence that the investors‟ resources will be put to good use as per the original intention. The Importance of Effective Corporate Governance outlined the importance of effective corporate governance. This is how an organisation maximises the usage of the resources. Tarantino (2008) refers to the Latin origin of the word governance by noting that it refers to steering. He argues that corporations are a separate legal entity created by societies. He further goes on to say that incompetent managers will be replaces.

or mergers or acquisition decisions. corporation must comply with the laws and regulations thus contributing to the civil society. rules and regulations in place that assist management and also protect the providers of capital. PRINCIPLES OF CORPORATE GOVERNANCE According to Tarantino (2008) there are generally accepted principles of corporate governance which have been widely accepted over time. Mohamed (2004) notes that the factors listed above should lead to improved corporate performance and reduced corruption in the organisation. He also goes on to suggest that for long term success. ownership and control of an organisation. 11 . major and minority shareholders.He therefore asserts that there should be guidelines. procedures regulations and practices that protect both the ownership and property rights of shareholders as well as the right to transfer their shares. organisations should respect the rights and concerns of the shareholders. There should be laws. These rights include the right to participate in important decisions of the organisation such as the election of directors. have the opportunity to seek redress in cases of violation of rights. c) The ability to meet the expectations of society Mohamed (2004) observes that corporation that seek to maximise profits at the expense of societal expectations and environmental issues are most likely going to fail. He lists such measures as: (i) The monitoring of management by an independent body (ii) There should be transparency about performance. Mohamed (2004) states that corporate governance should assist in protecting the rights of all shareholders. d) Overall performance Effective corporate governance hold boards and managers accountable for the management of the organisational assets. (iii) Shareholders‟ views should be incorporated in the decision making of fundamental issues. Mohamed (2004) explains that there should be laws that protect the rights of minority shareholders from misappropriation of assets by management or abuse by the major shareholders. a) Rights & Fair Treatment of Shareholders According to Tarantino (2008). both local and foreign. Effective corporate government discourages corrupt practices to take root in the company. Good corporate governance should ensure that all shareholders.

performance. There are practices which are not illegal but undesirable which corporates should avoid. Mohamed (2004) also state that good corporate governance dictates that timely and accurate disclosures be made on all material matters affecting the organisation and its operations. directors have the responsibility to ensure that the corporate they lead abide by the rules and regulations of the countries they operate in. According to Tarantino (2008) there should be a healthy mix of both the executive and non-executive directors who both should have strong credentials to lead the organisation. ownership and governance of the company. The board should set the ethics culture of the organisation and they should reinforce this by actions on the ground. This includes its financial status material risk exposure. Mohamed (2004) advocates for the use of internationally accepted accounting standards which insist on full disclosures to be made and hence assist users of the financial reports to make well informed decisions as well as draw comparisons with other companies on financial performance. c) Ethics and Professional Behaviour Tarantino (2008) suggests that corporates should go beyond formulating a code of ethics to ensuring that a culture of compliance to the ethics is implemented. corporations should be encouraged to “act responsibly and ethically”. He suggests that the posts of the Chief Executive Officer and the board Chairman should not be held by one person. Corporates are expected to go beyond the legal requirements by providing for health care or environmental friendly technologies. He notes that where these regulations advocate for minimal expectations. d) Transparency and Disclosure According to Tarantino (2008) companies should have strong and well document processes and internal controls that assist in providing transparent financial reports. 12 . According to Mohamed (2004).b) The Roles and Responsibilities of the Board of Directors The board of directors should be comprised of skilled and focused members with a different array of expertise and experience.

employees. This model is centred on powerful families who at times control a majority of public companies. The growth in profits is slower. customers. Transparency is generally viewed as giving away financial and strategic information to the competition and regulators.Both authors highlight the importance of independent audits which are conducted at least annually. Internal and external auditors should be qualified and strong enough to provide frank audit reports. 13 . The shareholders consent or comply passively or without protest. e) Internal Controls Tarantino (2008) draws attention to the relationship between internal controls and corporate governance. suppliers and the community in general. This model places more interest in the shareholders and less emphasis on the interest of management. Tarantino (2005) notes that this model results in an incremental growth in profits and innovation. suppliers. employees. The model is centred on a powerful Chief Executive and a hands-off shareholder relationship. and the community.A scandals in the 1990s extended the board‟s responsibility beyond the traditional stewardship role. Tarantino (2008) also advocates for the use of whistle-blowers to assist in unearthing fraud or errors in financial reports. This model is more prevalent in Europe and Japan. This model leads to less corporate failure in the areas of ethics and morality. these being:a) The Anglo-American model b) The Coordinated model c) The Family-Owned Company model He notes that the Anglo American model gives priority to the interest of shareholders. customers. The coordinated model on the other hand places its emphasis on the interest of management. The family-owned company model is more prevalent in Asia and Latin America. with the board providing stewardship. CORPORATE GOVERNANCE MODELS According to Tarantino (2005) the three corporate governance models. He notes that controls which impact on financial reporting is included in corporate governance. be competitive and innovative. He sights that internal controls are important components to all facets necessary in improving corporate governance. Tarantino (2005) notes that the U. This is turn translates into strong pressure to grow profitability.S.

According to the King III Report on governance for South Africa. The board should consider the impact of the organisation and its operations on the society and its environs. These standards of governance. The report also highlights the importance of the interconnectivity of business society and nature in order to achieve sustainability of the organisation in the operating environment. The operations should be guided by the Constitution and Bill of Rights and embark on measurable corporate citizenship programmes. Ethical Leadership and Corporate Citizenship There are several principles that report list under ethical leadership and corporate citizenship. fairness and transparency. This includes the adoption of economic. The King III report applies to all entities whether in the private. accountability. The board should build a sustainable ethical culture both on the formal and informal sector. 14 . Rewards should be given as recognition of the implementation and adherence to the code of conduct and ethics. Effective leadership should be guided by the principles of fairness. The King III notes that the board should ensure that the company‟s ethics are managed effectively. This leadership should be characterised by ethical values of responsibility. The board should ensure that the organisation is and is perceived to be a responsible corporate citizen. might render the board or director liable at law. ethical values and transparency. The principles and the code should be applied to all the entities. The report states that the board should provide effective leadership based on an ethical foundation. Companies are separate legal persons who should operate in a sustainable manner. social and environmental issues in the business strategy of the organisation. According to the report there are principles that form best practice guidelines. The organisation‟s ethics performance should be reported and disclosed. public or non-profit sectors. although not legislated. The code of Governance principles for South Africa (2009) the corporate governance philosophy revolves around three aspects a) Leadership b) Sustainability c) Corporate Citizenship The report identifies effective leadership as an essential component of corporate governance. accountability.

the audit committee should oversee and have regard to all factors and risks that may impact on the integrity of the integrated report whilst also ensuring that a combined assurance model is applied to provide a coordinated approach to all activities relating to assurance. This includes the adoption of a board. 15 . Directors should disclose their interest should there be a conflict of interest. The King III also advocates for an independent audit committee which ensures that integrity of financial reports and internal controls. and other stakeholders. The audit committee composition. An Audit Committee assist in the identification and management of risk. a vital aspect of corporate governance. This committee should be chaired by an independent non-executive director. This means that the organisational strategy should be aligned to the risk profile of the organisation whilst satisfying the interests and expectations of stakeholders in the same process. performance and sustainability are components of the business that are inseparable. They must act and abide by legal standards of conduct. The report also recommends that the audit committee members should be suitably skilled and experienced independent non-executive directors. The report also suggests that the audit report should meet with the internal and external auditors in the absence of management. purpose and terms of reference must be approved by the board. its relationship with management. The board should also appreciate that the organisational strategy. The board should act in the best interest of the organisation. at least once a year.Boards and Directors The King III suggests that the board should act as the focal point for and custodian of corporate governance. the number of times it should meet annually. For transparency sake. The report recommends an independent audit committee which fulfils transparency. the board chairman should not chair the audit committee nor be its member. According to the King III report. The combined assurance should be appropriate in addressing all significant risk the organisation might face. The King III rightly points out that the board should provide effective leadership with the code of conduct and ethics being the foundation binding the behaviour of the board. risk. The combined processes are aimed at maximising control efficiencies.

implement and monitor the risk management plan. The audit function should in turn be subject to an independent quality review. properly documented and formalised risk assessment method. It is also the duty of the audit committee to report to the board and the shareholders on how it has discharged its mandate. their engagement and remuneration. The audit committee should oversee the internal audit function and approve the internal audit plan. Management should in turn design. with the requisite experience and resources. The audit committee should also have oversight over the following:    Financial report risks Internal financial controls Fraud in relation to financial reporting I. through a systematic. The report also advocates that the board should determine the risk tolerance of the organisation. The committee must approve the terms of reference of the external auditors. The formal framework and methodology should increase the probability of anticipating unpredictable risk. This should be reviewed annually to ensure that the organisation is operating with in the risk tolerance and appetite levels. The board‟s risk management policy document should be disseminated throughout the organisation. An annual review should therefore be taken and the necessary disclosures made in the integrated report. The implementation of the risk management policy should be delegated to management. The board should formulate the risk policy and plan for a system and process of risk management. This committee should convene at least once year. 16 . Risk assessments should be performed on a continual basis. Governance of Risk The King III report places the responsibility of risk management squarely in the hands of the board. It is the responsibility of that committee to consider the risk management policy and plan and monitor the risk management process of the organisation. the appointment of external auditors.T. and the board should review the implementation of this policy at least once per year. risk in relation to financial reporting It should also recommend to the board. The board can appoint a risk committee or place its risk management responsibilities to the audit committee.The report also advises that the audit committee should be satisfied that finance function is manned by appropriate expertise.

This sequence of events was illustrated clearly and diagrammatically.Risk Management Crouhy et al (2006) highlighted that the future is fraught with uncertainties. The Risk Management Process Identify Risk Exposures Measure and Estimate Risk Exposure Find Instruments and facilities to shift or trade risks Assess Effects of Exposure Assets Costs and Benefits of Instruments Form a Risk Mitigation Strategy     Avoid Transfer Mitigate Keep Evaluate Performance Source: Crouhy et al (2006) 17 . the need to manage these uncertainties cannot be over emphasized. measure it. They asserted the new ability to be able to identify risk. stock market prices or exchange rates. appreciate the consequences and take the necessary action so as to either transfer the risk or mitigate it. Despite this difficulty. They noted that impossibilities of successfully predicting the outcomes of interest rates.

risk management is the systematic application of management policies. 2. 3. Better insight in formulating well informed decisions.Though this sequence is simple and formal. 6. organising. Evaluating loss exposures Appraising the feasibility of alternative risk management techniques Establishing a risk management program Adapting to change. 4. Optimising operational efficiency. risk management protects and adds value to an organisation through the following:1. 3. 18 . This process is in order to achieve given objectives when there is a possibility of surprisingly good or bad events. 5. More efficient allocation and use of resources within the organisation. planning and prioritisation through comprehensive and structured understanding of business activities. Ensuring that there is reduced volatility in non-essential areas of the organisation. The protection and enhancing of the assets of the organisation as well as protecting its image and reputation. 7. Supporting the organisation‟s objectives by ensuring that future activities take place in a consistent and controlled manner. Head (2009) brings into his definition management aspects by stating that risk management is a process of planning. evaluation and controlling of risk. directing and controlling resources. 2. According to the Risk Management Standard (2002). According to the Standard ISO31000 “Risk management – Principles and guidelines on implementation”. He notes that the risk management process comprises of the following basic steps:1. They argued that sometimes the identification of risk may pose a major challenge to one risk manager whilst the ability to transfer of risk might be the defining aspect that makes one risk manager better than the other. volatility and project opportunity/threat. 4. Crouhy et al (2006) noted that it rarely runs smoothly in practice. Developing and supporting people and the organisation‟s knowledge base. procedures and practices to the task of analysing.