Monitoring and Reporting on Risk
Chapter 11
Board Risk
The board is ultimately responsible for risk management
Oversee strategic risks, operational risks, and financial risks
Many federal regulations have been put in place to evaluate risk management
The Board also presents a risk in Corporate Governance
Corporate Governance
The mechanisms and procedures that determine how corporations are run;
Medium to large corporations have separation of ownership and control, which means the corporation is owned by its shareholders but controlled by its board of directors and managers;
CG ensures that management and the Board operate with the best interests of the owners in mind.
How to align the interest of Directors with those of Shareholders:
Incentive compensation
Legal liability
Management reputation
Takeover threats
Risk Management Reporting
Board risk committee
Board audit committee
Finance committee
Chief risk officer (CRO)
Board Risk Committee
Implements the risk management process at all times and levels
Identifies risks
Sets the company’s tolerance for risk
Prioritizes risks to be handled
Chief Risk Officer
Executive in charge of overseeing the risk management department
Communicates with the board on risk decisions and policies
Audit Committee
Evaluates the company’s compliance with regulations and financial reporting standards
Focus on compliance with standards already in action
Work with internal and external auditors
Responsible for annual financial reporting
Internal Controls
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
3 objectives:
1. Effectiveness and efficiency of operations
2. Reporting
3. Compliance
COSO’s Five Components
Control Environment
Risk Assessment
Information and Communication
Control Activities
Monitoring
Internal Controls Within a Company
The board sets policy and appoints authority for implementing the risk management objectives
The management of the risk department is responsible for creating internal controls to monitor risk
Employees support the risk management department
Auditors monitor compliance of the internal controls
Internal Control Linked to Risk Monitoring
Internal controls can indicate changes in risk
Productive risk monitoring uncovers risk while still manageable
Not every risk can be identified
Internal Audit Support to Risk Monitoring
The internal audit department assesses the company’s success in completing its objectives
Evaluation and assessment
Approve existing internal controls
Ensures accuracy
External auditors verify financial reporting
Risk Management vs. Internal Auditors
Complementary functions
Risk management pinpoints and prioritizes risks then establishes plans to manage the risks
Internal auditors examine and investigate the internal controls put in place by risk management
Risk-Based Auditing
3 Principles:
Audit to business objectives
Materiality of the risk focus
Identify threats to the success of the business
Risk Assurance
Level of confidence in the risk management department as a whole
Reduces cost and increases value
Several benefits
Control Risk Self-Assessment
CRSA: management tool designed to self-audit risk assurance within a certain area of responsibility
Evaluates effectiveness, focuses on goals and threats, and allows managers to get a better understanding of where the company is falling short and standing out
Risk Management Monitoring and Reporting
The flow of accurate information throughout the entire chain of command within the business is the focus
Timely and detailed
User-friendly format is important