
Chapter 11-13 Governance

The document discusses key aspects of risk management and internal control. It defines risk management as identifying, assessing, and controlling risks, and internal control as processes designed to provide reasonable assurance of reliable financial reporting, effective operations, and compliance with laws. The main components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring.

Uploaded by

aljane
Copyright: © All Rights Reserved

CHAPTER 11

RISK MANAGEMENT
Risk Management
• process of measuring, or assessing risk and developing strategies to manage it.
• systematic approach in identifying, analyzing, and controlling areas or events with a potential for causing unwanted change.
• act or practice of controlling risk
• includes risk planning, assessing risk areas, developing risk handling options, and monitoring risk
• identification, assessment and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events and to maximize the realization of opportunities. (ISO 31000)
BASIC PRINCIPLES OF RISK MANAGEMENT

Risk management should:

• Create value – resources spent to mitigate risk should be less than the consequence of inaction, i.e., the benefits should exceed the costs;
• Address uncertainty and assumptions;
• Be an integral part of the organizational processes and decision-making;
• Be dynamic, iterative, transparent, tailorable and responsive to change;
• Create capability of continual improvement and enhancement considering the best available information and human factors; and
• Be systematic, structured and continually or periodically reassessed.
PROCESS OF RISK MANAGEMENT

According to the standard ISO 31000 “Risk Management – Principles and Guidelines on Implementation,” the process of risk management consists of several steps as follows:
• Establish the context;
• Identification of potential risks; and
• Risk Assessment.
ELEMENTS OF RISK MANAGEMENT

The performance of assessment methods should consist of the following elements:
• Identification, characterization and assessment of threats;
• Assessment of the vulnerability of critical assets to specific threats;
• Determination of the risk (i.e. the expected likelihood and consequences of the specific types of attacks on specific assets);
• Identification of ways to reduce those risks; and
• Prioritization of risk reduction measures based on a strategy.
RELEVANT RISK TERMINOLOGIES

1. Risks Associated with Investments

Although a single risk premium must compensate the investor for all the
uncertainty associated with the investment, numerous factors may contribute
to investment uncertainty. The factors usually considered with respect to
investments are:
• Business Risk
• Financial Risk
• Liquidity Risk
• Default Risk
• Interest Rate Risk
• Management Risk
• Purchasing Power Risk

2. Risk Associated with Manufacturing, Trading and Service Concerns

3. Risk Associated with Financial Institution
POTENTIAL RISK TREATMENTS

ISO 31000 also suggests that once the risks have been identified
and assessed, techniques to manage the risks should be applied.
These techniques can fall into one or more of these four
categories:

• Risk Avoidance
• Risk Reduction
• Risk Sharing
• Risk Retention
AREAS OF RISK MANAGEMENT

The most commonly encountered areas of risk management include:

• Enterprise risk management
• Risk management activities as applied to project management
• Risk management for megaprojects
• Risk management of information technology
• Risk management techniques in petroleum and natural gas
STEPS IN THE RISK MANAGEMENT PROCESS

To enhance management’s competence in their oversight role on risk management, the following steps may be followed:
1. Set up a separate risk management committee chaired by a board member;
2. Ensure that a formal comprehensive risk management system is in place;
3. Assess whether the formal system possesses the necessary elements;
4. Evaluate the effectiveness of various steps in the assessment of the comprehensive risks faced by the business firm;
5. Assess if management has developed and implemented the suitable risk management strategies and evaluate their effectiveness;
6. Evaluate if management has designed and implemented risk management capabilities;
7. Assess management’s efforts to monitor overall company risk management performance and to improve continuously the firm’s capabilities;
8. See to it that best practices as well as mistakes are shared by all;
9. Assess regularly the level of sophistication of the firm’s risk management system; and
10. Hire experts when needed.
CHAPTER 12

PRACTICAL GUIDELINES IN REDUCING AND MANAGING BUSINESS RISKS
Common Areas of Risk Affecting Business
UNDERSTAND WHY RISKS BECOME REALITY
The five (5) most significant types of risk catalyst are as follows:
1. Technology
2. Organizational change
3. Processes
4. People
5. External factors
APPLY A SIMPLE RISK MANAGEMENT PROCESS
The stages of managing the enterprise-wide risk inherent in decisions are simple.
• First, assess and analyze the risks resulting from a decision by systematically identifying and quantifying them.
• Second, consider how best to avoid or mitigate them.
• Third, in parallel with the second stage, take action to manage, control and monitor the risks.

A. Risk Assessment and Analysis
B. Risk Management and Control
   a. Avoiding and mitigating risks
   b. Create a Positive Climate for Managing Risk
   c. Overcoming the fear of risk
C. Controlling and Monitoring Enterprise-wide Risk
PRACTICAL TECHNIQUES TO IMPROVE PROFITABILITY
Some practical techniques to improve profitability are as follows:

a) Focus decision-making on the most profitable areas;
b) Decide how to treat the least profitable products;
c) Make sure new products enhance overall profitability;
d) Manage development and production decisions;
e) Set the buying policy;
f) Consider how to create greater value from existing customers and products to enhance profitability;
g) Consider how to increase profitability by managing people.
PRACTICAL TECHNIQUES TO ASSESS PROFITABILITY

There are many techniques for assessing the likely profitability of an investment. One of the most used is to apply discounted cash flows in evaluating capital investment programs.

a. Avoiding pitfalls;
b. Financial expertise must be widely available;
c. Consider the impact of financial decisions;
d. Avoid weak budgetary control;
e. Understand the impact of cash flow; and
f. Know where the risk lies.
CHAPTER 13
OVERVIEW OF INTERNAL CONTROL
NATURE AND PURPOSE OF INTERNAL CONTROL

Internal Control is the process designed and effected by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness of operations and compliance with applicable laws and regulations.

Internal Control System means all policies and procedures (internal control) adopted by the management of an entity to assist in achieving the management’s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.
ELEMENTS OF INTERNAL CONTROL

The internal control system extends beyond these matters which relate directly to the functions of the accounting system and consists of the following components:

a. The control environment

Several factors comprise the control environment, including:
1. Communication and enforcement of integrity and ethical values
2. Commitment to competence
3. Participation by those charged with governance
4. Management’s philosophy and operating style
5. Organizational structure
6. Assignment of authority and responsibility
7. Human resources policies and procedures

b. The entity’s risk assessment process

Risk can arise or change due to circumstances such as the following:
a) Changes in operating environment
b) New personnel
c) New or revamped information systems
d) Rapid growth
e) New technology
f) New business models, products or activities
g) Corporate restructurings
h) Expanded foreign operations
i) New accounting pronouncements

c. The information system, including the related business process, relevant to financial reporting and communication

An information system consists of infrastructure (physical and hardware components), software, people, procedures and data. Many information systems make extensive use of IT.
1. The information system, including related business processes, relevant to financial reporting;
2. Journal entries;
3. Related business processes; and
4. Application to small entities.

d. The control activities

The major categories of control procedures are:
1. Performance review
2. Information process controls
3. Physical controls

e. Monitoring of controls

Monitoring is the process that an entity uses to assess the quality of internal control over time. Monitoring activities may include using information from communications from external parties that may indicate problems or highlight areas in need of improvement.
