Monitoring and Reporting on Risk

Chapter 11

Board Risk

The board is ultimately responsible for risk management

Oversee strategic risks, operational risks, and financial risks

Many federal regulations have been put in place to evaluate risk management

The Board also presents a risk in Corporate Governance

Corporate Governance

The mechanisms and procedures that determine how corporations are run;

Medium to large corporations have separation of ownership and control, which means the corporation is owned by its shareholders but controlled by its board of directors and managers;

CG ensures that mgmt and the Board operate with the best interests of the owners in mind.

How to align the interest of Directors with those of Shareholders:

Incentive compensation Legal Liability Management reputation Takeover threats

Risk Management Reporting

Board risk committee Board audit committee Finance committee Chief risk officer (CRO)

Board Risk Committee

Implements the risk management process at all times and levels

Identifies risks Sets the company’s tolerance for risk Prioritizes risks to be handled

Chief Risk Officer

Executive in charge of overseeing the risk management department

Communicates with the board on risk decisions and policies

Audit Committee

Evaluates the company’s compliance to regulations and financial reporting standards

Focus on compliance with standards already in action

Work with internal and external auditors

Responsible for annual financial reporting

Internal Controls

Committee of Sponsoring Organizations of the Treadway Commission (COSO)

3 objectives: 1.Effectiveness and efficiency of

operations 2. Reporting 3. Compliance

COSO’s Five Components

Control Environment

Risk Assessment

Information and

Communication

Control Activities

Monitoring

Internal Controls Within a Company

The board sets policy and appoints authority for implementing the risk management objectives

The management of the risk department are responsible for creating internal controls to monitor risk

Employees support the risk management department

Auditors monitor compliance of the internal controls

Internal Control Linked to Risk Monitoring

Internal controls can indicate changes in risk

Productive risk monitoring uncovers risk while still manageable

Not every risk can be identified

Internal Audit Support to Risk Monitoring

The internal audit department assess the company’s success in completing their objectives

Evaluation and assessment Approve existing internal controls Ensures accuracy External auditors verify financial

reporting

Risk Management vs. Internal Auditors

Complementary functions Risk management pinpoints and

prioritizes risks then establishes plans to manage the risks

Internal auditors examine and investigate the internal controls put in place by the risk management

Risk-Based Auditing

3 Principles Audit to business objectives Materiality of the risk focus Identify threats to the success of the

business

Risk Assurance

Level of confidence in the risk management department as a whole

Reduces cost and increases value Several benefits

Control Risk Self-Assessment

CRSA: management tool designed to self-audit risk assurance within a certain area of responsibility

Evaluates effectiveness, focuses on goals and threats, and allows managers to get a better understanding of where the company is falling short and standing out

Risk Management Monitoring and Reporting

The flow of accurate information throughout the entire chain of command within the business is the focus

Timely and detailed User-friendly format is important