moth nor rust doth corrupt, and where thieves do not break
through nor steal:
21
For where your treasure is, there will your heart be also.
Learning Outcomes
Risk Management
1. Describe the relationship between Internal Control & Risk Management.
2. Define Risk Management.
3. Discuss the principles of risk management.
4. Describe sample ERM system software.
5. Discuss the components of an ERM system.
6. Discuss the benefits of risk management in general and of an ERM system.
7. Describe the elements of risk management.
8. Enumerate the risks associated with investments, manufacturing, trading and service concerns, and financial institutions.
9. Briefly discuss the SEC requirement on ERM for publicly listed companies.
10. Discuss the potential risk treatments.
11. Discuss the risk management process.
Internal Control
1. Define Internal Control.
2. Discuss each element/component of Internal Control.
3. Describe the main objectives of Internal Control.
4. Enumerate the types of controls.
Internal Control & Risk Management: Strong Relationship
Internal Control is designed and implemented to address identified business risks that threaten the achievement of reliability of financial reporting, effectiveness & efficiency of operations, and compliance with applicable laws & regulations.
Risk management is the ongoing process of designing & operating internal controls that mitigate the risks identified in the organization’s risk assessment. (CMA, Gleim 2018)
The Risk and the Control Environment
Every organization faces risks, that is, unforeseen obstacles to the pursuit of its objectives. Risks take many forms and can originate from inside or outside the organization.
All systems of internal control involve tradeoffs between cost and benefit, and for this reason no system of internal control can be said to be “100% effective”. Organizations accept the fact that risk can only be mitigated, not eliminated.
Components of an ERM System
1. Internal environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information & Communication
8. Monitoring
Sample ERM Software
Source: https://www.softwareadvice.com/risk-management/erm-comparison/
Benefits of ERM
1. Alignment of the entity’s strategy
2. Improvement in risk response decisions
3. Reduction in the number & impact of operational surprises & losses
4. Identification & management of multiple & cross-enterprise risks
5. Improved ability to seize (act on) opportunities that arise
6. Improved utilization of the capital and resources of the company
Elements of Risk Management
1. Identification, characterization, and assessment of threats.
2. Assessment of the vulnerability of critical assets to specific threats.
3. Determination of the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets).
4. Identification of ways to reduce those risks.
5. Prioritization of risk reduction measures based on a strategy.
Risk Management
Business risk
Financial risk
Liquidity risk
Default risk
Interest rate risk
Management risk
Purchasing power risk
Risk Associated with Manufacturing, Trading & Service
Concerns
A. Market Risk
A.1. Product Risk
– Complexity, obsolescence, research & development, packaging, delivery of warranties
A.2. Competitor Risk
– Pricing strategy, market share, market strategy
B. Operational Risk
– Process stoppage, health & safety, after-sales service failure, environmental, technological obsolescence, integrity
C. Financial Risk
– Interest rate volatility, foreign currency, liquidity, derivatives, viability
D. Business Risk
– Regulatory change, reputation, political, regulatory and legal, shareholder relations, credit rating, capital availability, business interruptions
Risk Associated with Financial Institutions
A. Financial Risks
-Liquidity Risk, Market Risk, Credit Risk, Market Liquidity Risk, Hedged
Positions Risk, Portfolio Exposure Risk, Derivative Risk, Accounting
Information Risk (completeness & accuracy), Financial Reporting Risk
B. Non-Financial Risk
-Operational Risk (systems, customer satisfaction, human resources,
fraud & illegal acts, bankruptcy)
-Regulatory Risk (capital adequacy, compliance, taxation, changing laws
& policies)
C. Environment Risk
-politics, natural disasters, war, terrorism
D. Integrity Risk
-reputation
E. Leadership Risk
SEC Requirement on Enterprise Risk Management of Publicly-Listed Corporations
SEC Code of Governance Recommendation 2.11 & the corresponding explanation provide the following:
“The Board should oversee that a sound enterprise risk management (ERM) framework is in place to effectively identify, monitor, assess and manage key business risks. The risk management framework should guide the Board in identifying units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk management strategies.”
1. Control environment
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring Activities
1. Control Environment
Control Environment is a set of standards, processes and
structures that pervasively affects the system of internal control.
The 5 principles related to the control environment:
1. Commitment to integrity & ethical values
2. The Board demonstrates independence from management &
exercises oversight for internal control
3. Management establishes (with board oversight) the structures,
reporting lines, and appropriate authorities and responsibilities.
4. The organization demonstrates commitment to attract, develop,
and retain competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal
control responsibilities in pursuit of objectives.
2. Risk Assessment
This process encompasses an assessment of the risks
themselves and the need to manage organizational change.
This is the basis for determining how the risks should be
managed.
4 Principles related to risk assessment:
1. The organization specifies objectives with sufficient clarity to enable the identification & assessment of risks relating to these objectives.
2. The organization identifies the risks to the achievement of its
objectives across the entity and analyzes risks to determine
how the risks should be managed.
3. The organization considers the potential for fraud in
assessing fraud risks to the achievement of objectives.
4. The organization identifies and assesses changes that could
3. Control Activities
These policies and procedures help ensure that management directives are carried out. Whether automated or manual, they are applied at various levels of the entity and stages of processes. They may be preventive or detective, and segregation of duties is usually present.
Principles:
1. The organization selects & develops control activities that
contribute to the mitigation of risks to the achievement of
objective to acceptable levels.
2. The organization develops general control activities through
policies that establish what is expected and procedures that
put policies into action.
3. The organization deploys control activities through policies
that establish what is expected and procedures that put
4. Information & Communication
Information systems enable the organization to obtain, generate, use, and communicate information to 1) maintain accountability and 2) measure & review performance.
Principles:
1. The organization obtains or generates and uses relevant,
quality information to support the functioning of internal
control.
2. The organization internally communicates information,
including objectives and responsibilities for internal control
necessary to support the function of internal control.
3. The organization communicates with external parties
regarding matters affecting the functioning of internal
control.
5. Monitoring Activities
Control systems and the way controls are applied change over time. Monitoring is a process that assesses the quality of internal control performance over time to ensure that controls continue to meet the needs of the organization.
Principles:
1. The organization selects, develops, and performs ongoing or separate evaluations (or both) to determine whether the components of internal control are present & functioning.
2. The organization evaluates and communicates
control deficiencies in a timely manner.
Controls
The costs of internal control must not be greater than its benefits.
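The five elements of risk management listed earlier (identify threats, assess asset vulnerability, determine risk as expected likelihood times consequence, identify reductions, prioritize) and the rule on this slide that a control's cost must not exceed its benefit can be worked through with a small risk register. The following Python script is an added example, not material from the deck or from Gleim; every asset, threat, probability, cost and reduction figure in it is constructed sample data, and the scoring rule (expected loss = likelihood × vulnerability × consequence, control benefit = expected loss × reduction) is one common way to quantify the deck's wording, not the only one.

```python
"""Risk register walk-through (added example; constructed sample data).

Maps to the deck's 'Elements of Risk Management':
  1. identify and characterize threats        -> Risk.threat
  2. assess vulnerability of critical assets  -> Risk.vulnerability
  3. determine risk = likelihood x consequence -> Risk.expected_loss()
  4. identify ways to reduce those risks      -> Control
  5. prioritize risk-reduction measures       -> evaluate_controls()
and to the controls slide: a control whose annual cost exceeds its
benefit is rejected rather than deployed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Risk:
    """One register row: a specific threat against a critical asset."""
    asset: str
    threat: str
    likelihood: float     # expected threat events per year
    vulnerability: float  # 0..1: share of events that succeed under current posture
    consequence: float    # loss per successful event, in currency units

    def expected_loss(self) -> float:
        # Step 3: expected annual loss for this asset/threat pair.
        return self.likelihood * self.vulnerability * self.consequence


@dataclass(frozen=True)
class Control:
    """A candidate risk-reduction measure (step 4)."""
    name: str
    asset: str         # which register row it treats
    kind: str          # 'preventive' or 'detective', as the deck classifies controls
    annual_cost: float
    reduction: float   # 0..1: share of the untreated expected loss it removes


# Constructed sample register; figures are illustrative, not from the deck.
SAMPLE_RISKS: List[Risk] = [
    Risk("customer database", "credential stuffing against web portal", 4.0, 0.25, 200_000),
    Risk("finance ERP", "unauthorized journal entry by a single user", 2.0, 0.5, 50_000),
    Risk("warehouse systems", "ransomware delivered by phishing", 1.0, 0.25, 480_000),
]

SAMPLE_CONTROLS: List[Control] = [
    Control("MFA on customer portal", "customer database", "preventive", 30_000, 0.75),
    Control("segregation of duties in ERP", "finance ERP", "preventive", 20_000, 0.5),
    Control("manual weekly journal review", "finance ERP", "detective", 60_000, 0.75),
    Control("offline backups with tested restore", "warehouse systems", "detective", 50_000, 0.5),
]


def rank_risks(risks: List[Risk]) -> List[Risk]:
    """Order the register by expected annual loss, highest first."""
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)


def evaluate_controls(risks: List[Risk], controls: List[Control]
                      ) -> Tuple[List[Tuple[Control, float]], List[Tuple[Control, float]]]:
    """Step 5: accept controls whose benefit exceeds cost, ranked by net benefit.

    Benefit is measured against the untreated exposure of the treated asset.
    Returns (accepted, rejected); each entry is (control, net_benefit).
    """
    by_asset: Dict[str, Risk] = {r.asset: r for r in risks}
    accepted: List[Tuple[Control, float]] = []
    rejected: List[Tuple[Control, float]] = []
    for c in controls:
        benefit = by_asset[c.asset].expected_loss() * c.reduction
        net = round(benefit - c.annual_cost, 2)
        # The deck's rule: cost of a control must not be greater than its benefit.
        (accepted if net > 0 else rejected).append((c, net))
    accepted.sort(key=lambda pair: pair[1], reverse=True)
    return accepted, rejected


def residual_exposure(risks: List[Risk], accepted: List[Tuple[Control, float]]) -> Dict[str, float]:
    """Expected loss per asset after the accepted controls are applied.

    Several controls on one asset reduce it multiplicatively; the risk is
    mitigated, not eliminated, which is the deck's own caveat.
    """
    residual = {r.asset: r.expected_loss() for r in risks}
    for c, _ in accepted:
        residual[c.asset] *= (1.0 - c.reduction)
    return {asset: round(value, 2) for asset, value in residual.items()}


if __name__ == "__main__":
    print("Ranked risks (expected annual loss):")
    for r in rank_risks(SAMPLE_RISKS):
        print(f"  {r.asset:<20} {r.threat:<45} {r.expected_loss():>12,.0f}")
    accepted, rejected = evaluate_controls(SAMPLE_RISKS, SAMPLE_CONTROLS)
    print("Accepted controls (net benefit):")
    for c, net in accepted:
        print(f"  {c.name:<38} {c.kind:<10} {net:>12,.0f}")
    print("Rejected controls (cost exceeds benefit):")
    for c, net in rejected:
        print(f"  {c.name:<38} {c.kind:<10} {net:>12,.0f}")
    print("Residual exposure:", residual_exposure(SAMPLE_RISKS, accepted))
```

Running the script ranks the constructed register, accepts the three controls whose benefit exceeds their cost, rejects the manual journal review because its annual cost exceeds the loss it would avoid, and reports the exposure that remains after treatment. Because each control's benefit is scored against the untreated exposure, the figures for two controls on the same asset overstate their combined effect; the residual calculation, not the per-control net benefit, is the number to report once the set of accepted controls is fixed.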
Types of Controls:
1. Primary Controls
2. Secondary Controls
3. Time-Based Classification
4. Financial vs Operating (Admin Controls)
5. People Based vs System Based Controls
6. Control Activities
7. Segregation of Duties (ARCR: Authorization, Recordkeeping, Custody, Reconciliation)
8. Independent Checks & Verification
9. Safeguarding Controls
10. Prenumbered Forms
11. Compensating Controls
12. Fraud
Thank You