FRAMEWORK AND RISK MANAGEMENT
TYCO INTERNATIONAL SCANDAL
OTHER INFORMATION:
It should also be noted that Dennis Kozlowski had personal traits that contributed to the fraud committed, such as a seeming willingness to lie or exaggerate about anything related to him. In interviews Kozlowski would refer to his father as a police officer, when in fact he was not, and he would mention on a fairly regular basis that he had a Master’s Degree in business administration (MBA) when he actually never completed the program.
REFLECTION:
IT IS THE WILLINGNESS TO TELL SMALL LIES THAT LEADS TO STORIES BEING FORMED THAT JUST BUILD UPON THEMSELVES AND CREATE AN ENTIRELY NEW REALITY, PER SE, FOR AN INDIVIDUAL THAT ALLOWS A FRAUD LIKE DENNIS KOZLOWSKI'S TO BE PERPETRATED AND RATIONALIZED BY THE PERPETRATOR.
Member Organization of COSO
• The Institute of Internal Auditors
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
1. Control Environment
The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.
Integrity and Ethical Values
Integrity and ethical values are essential elements of the control environment, affecting the design, administration and monitoring of other internal control components.
The effectiveness of internal controls cannot rise above the integrity and ethical values of the people who create, administer and monitor them.
Integrity is a prerequisite for ethical behavior in all aspects of an enterprise’s activities.
• Risk Management
• Governance
• Control
• Assurance (and Consulting)
ERM Defined:
“… a process, effected by an entity's board of
directors, management and other personnel,
applied in strategy setting and across the
enterprise, designed to identify potential events
that may affect the entity, and manage risks to
be within its risk appetite, to provide reasonable
assurance regarding the achievement of entity
objectives.”
• Separate evaluations.
• Risk officers
• Internal auditors
Internal Auditors
• Play an important role in monitoring ERM, but
do NOT have primary responsibility for its
implementation or maintenance.
Internal auditors can add value by:
• Reviewing critical control systems and risk management processes.
Process Risks
• Operations Risk
• Empowerment Risk
• Information Processing / Technology Risk
• Integrity Risk
• Financial Risk
[Diagram labels: Identification, Measurement, Prioritization; Control It, Share or Transfer It, Diversify or Avoid It; Process Level, Activity Level, Entity Level]
Options available:
- Accept = monitor
- Avoid = eliminate (get out of situation)
- Reduce = institute controls
- Share = partner with someone (e.g. insurance)
[Risk matrix, vertical axis: IMPACT. Quadrant labels: Share; Mitigate & Control; Low Risk; Medium Risk; Accept; Control]
• Perform analysis
- Risks are being properly addressed
- Controls are working to mitigate risks
Management Oversight & Periodic Review
• Accountability for risks
• Ownership
• Updates
- Changes in business objectives
- Changes in systems
- Changes in processes
End of Presentation