最新Internl Control nd Risk Mngement(共44张PPT课件).pptx

《最新Internl Control nd Risk Mngement(共44张PPT课件).pptx》由会员分享，可在线阅读，更多相关《最新Internl Control nd Risk Mngement(共44张PPT课件).pptx（44页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、Internal Control and Risk Management1Thomas Henschel第一页，共四十四页。Learning ObjectivesTo appreciate current regulations of Internal Control and Risk ManagementTo understand that risk management is an integral part of corporate governanceTo appreciate the benefits of Enterprise Risk Management and control

2、ling risks2第二页，共四十四页。The role of the board and the integration of risk managementSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 7Risk and Opportunity ManagementPolicy review cycleOperations review cycleGovernance review cycleStrategy review cycleInternalExternalShort-termLong-termAccou

3、ntability-to the company-to owners-to regulators-to legislators-to other stakeholdersPolicy formulation-creating the vision-creating the mission-creating values-developing culture-monitoring the environ-mentStrategic thinking- positioning in the changing markets- setting corporate direction- reviewi

4、ng and deciding key resources- deciding the implemen-tation processSupervisory management- oversight management- monitoring budgetary control- reviewing key business results- ensuring business capability第三页，共四十四页。Internal control and risk management in contextHM TreasuryFinancial Services Authority(

5、FSA)Admission to listing and tra-ding on an RIE marketGuidance on Audit Committees (The Smith Guidance, 2003)Internal Control: Guidance for Directors on the CC, Turnbull Committee 1999Institute of Chartered Accountants in England and WalesFinancial Services and Markets Act 2000Trade securities on RI

6、E Market London Stock ExchangeUK subsidiaries of US listed companies Sarbanes-Oxley Act 2002Requires reporting on the effectiveness of internal controlsCOSOERM FrameworkListing RulesRisk ManagementAuditorsPublic Company (Issuer)Internal ControlAnnual Reports and AccountsDescribe compliance with the

7、provisions of the Combined CodeCombined Code of Corporate Governance July 2008 DerekHiggsReportRobertSmithGuidanceC.2 InternalControlCode Provision C.2.1C.3 Audit Comittee and AuditorsCode Provision C.3.2Source: Chapman, Enterprise Risk Management, Wiley, 2008, p. 42第四页，共四十四页。Composition of the Comb

8、ined Code 2008 and its relationship to the Turnbull guidanceCorporate GovernanceInternal ControlThe Combined Code on Corporate Governance, July 2008Internal Control: Guidance for Directors on the Combined Code, published by the Institute of Chartered Accountants in England and Wales in September 199

9、9A. DirectorsB. RemunerationC. Accountability and auditE. Institutional ShareholdersD. Relations with ShareholdersC.1 Financial ReportingC.2 Internal ControlC.3 Audit committee and auditorsfinancialoperationalcompliancerisk managementElements of a sound system of internal controlFacilitate its (the

10、companys)effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieve the companys objectives.Help ensure the quality of internal and external reportingHelp ensure compliance with applicable laws and

11、regulSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 35第五页，共四十四页。The Turnbull Report 1999The Combined Code (1998) dealt with internal control in Provisions D.2.1 and D.2.2. These became Provisions C.2 and C.2.1 in the Revised Combined Code (2003,2008)In these Provisions, the Code stated

12、 that company directors should conduct a review of the effectiveness of their internal control systems and report this information to shareholders. Turnbull provided an explicit framework for reporting on risk management6第六页，共四十四页。The Turnbull FrameworkSolomon et al. , 20077第七页，共四十四页。Defining intern

13、al controlDefinition of COSO (Committee of Sponsoring Organizations)Internal control is a process, established, operated and monitored by those charged with governance and management of a company, to provide reasonable assurance regarding the achievement of objectives in the following categories:a)

14、The effectiveness and efficiency of the companys operations;b) The reliability of its financial reporting;c) Its compliance with applicable laws and regulations.第八页，共四十四页。Internal control objectives (COSO)Sustaining the companys business operations (efficiency and effectiveness concerns)Preparing re

15、liable financial reporting (including financial statements)Compliance with applicable laws and regulations第九页，共四十四页。Components of a system of internal control (COSO)A system of internal control consists of five interrelated components: Control environment Risk assessment Control activities Informati

16、on and communication MonitoringEach component is relevant for each internal control objective第十页，共四十四页。Components of a system of internal control第十一页，共四十四页。Separation of functionsSeparation of functions (“segregation of duties”) as a preventive control measure It calls for the separation of the four

17、 basic functions of transaction processing Authorizing transactions Executing transactions Recording transactions Safeguarding resources resulting from consummating transactionsThe objective is mainly to provide an environment where fraud becomes difficult第十二页，共四十四页。Defining internal audit“Internal

18、auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisations operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, contr

19、ol and governance processes.”Institute of Internal Auditors第十三页，共四十四页。Internal audit processPrimary task: Examine and evaluate the adequacy and effectiveness of the internal control systemEvaluate the quality of performance in carrying out assigned responsibilitiesCan be considered to be part of the

20、 monitoring component of a IC systemIts scope potentially covers all activities within the company第十四页，共四十四页。Independence of internal audit Independence with regard to the acitivities they audit, is essential for the internal audit function Independence should be assured through: Organizational posi

21、tion and authority within the company Recognition of professional objectivity第十五页，共四十四页。Enterprise Risk Management: OverviewRisk AttitudesRisk Management Systems: ERMRisk and CultureRisk & ResponsibilitiesRisk Management Strategies16第十六页，共四十四页。Risk AttitudesPersonal ViewsShareholder demandOrganisati

22、onal influenceNational and Cultural influencesEntrepreneurial risk Uncertainty regarding market demand Uncertainty regarding own entrepreneurial ability17第十七页，共四十四页。Risk Management Systems: Enterprise Risk Management“ERM is the discipline by which an organisation in any industry assesses, controls,

23、exploits, finances, and monitors risks from all sources for the purpose of increasing the organisations short and long term value to its shareholders. The CAS Committee on ERMERM is a framework designed to ensure the consistent identification, assessment, evaluation and management of risks across th

24、e organisation. 18第十八页，共四十四页。Enterprise Risk Management: Key DriversMore and more complicated risksExternal pressuresPortfolio point of viewQuantificationRisk as an opportunity19第十九页，共四十四页。Benefits of ERMAlignment of risk appetite and strategyLink growth risk and returnChoose best risk responseMinim

25、ise surprise and lossesIdentify and manage risks across the organisationProvide responses to multiple risksSeize OpportunitiesRationalise Capitalhttp:/www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf20第二十页，共四十四页。ERM: LimitationsSome events cant be foreseenBoard depends on management for c

26、orrect information Boards can blinkERM has been flawed historically because practitioners tended to pay a lot of attention to quantifiable risks 21第二十一页，共四十四页。Embedding risk awareness and assessmentRisk Culture: an integral part of embedding risk awareness and assessmentRisk policy statementRisk Reg

27、ister22第二十二页，共四十四页。Risk Management ResponsibilitiesThe Board: The boards role in managing risk is one of the most important. Emphasised in the Turnbull Report. Determining risk management strategy Policies on internal controls and seeking assurance on internal controls Monitoring risks23第二十三页，共四十四页。

28、Risk Management ResponsibilitiesRisk Management Committee If a risk management committee is not present under the combined code the audit committee will be responsible for risk management Are there advantages in having a separate risk management committee?Roles of the Risk Management Committee Appro

29、ving the risk management strategy and policyReviewing reports on key risks Monitoring overall risk exposure Providing early warning to the board Reviewing the companys statement on internal control 24第二十四页，共四十四页。Risk Management ResponsibilitiesRisk Management GroupInternal and External AuditLine Man

30、agers (Emphasised in the Turnbull Report)Staff (Emphasised in the Turnbull Report)25第二十五页，共四十四页。Risk Management ResponsibilitiesRisk Manager (as applied to ERM) Overall leadership for ERM Integrate RM across the organisationImplement RM policiesImplement a set of risk indicators and reports Dealing

31、with insurance companies Allocating economic capital to business activitiesReporting to the CEO (Some CROs have a direct reporting line to the board).26第二十六页，共四十四页。Risk Management StrategiesAvoidance of risko Will the possible savings from avoiding the risks be greater than not taking any measures a

32、nd running the risks?27第二十七页，共四十四页。Risk Management StrategiesReduction of riskWhat measures could you take to reduce the risk that suppliers do not deliver supplies of the required quality or do not deliver on time?28oContingency PlanningInformationResponsibilitiesPracticeoLoss ControlPhysical Devic

33、esAwareness and Commitmento Risk pooling and diversificationSystematic (market risk) and Unsystematic riskThe Capital Asset Pricing Model (CAPM)o Risk Hedging Commonly used in the area of currency and interest rate management第二十八页，共四十四页。Risk Management StrategiesAcceptance of risksoSelf-InsuranceoCa

34、ptive Insurance (A captive insurance company is, a subsidiary company formed to insure or reinsure the risks of its parent and / or associated group companies )CostFlexibilityClaims Management29第二十九页，共四十四页。Risk Management StrategiesTransfer of risko Hold Harmless agreementso Limitation of liabilityo

35、 Risk Sharing30第三十页，共四十四页。ERM framework5. Sources of Risk(internal to a business and emanating from the environment)4. Risk Management Process(incremental phases of an iterative process)3. Implementation(appointment of external support)1.Corporate Governance(board oversight)2. Internal Control(sound

36、 system of internal control)Risk IdentifikationRisk AssessmentRisk EvaluationRisk PlanningRisk ManagementAnalysisInternal ProcessesBusiness Operating EvironmentSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 10第三十一页，共四十四页。Levels within a corporate organisation CorporateStrategic Busines

37、sProjectRisk ManagementLong-term risks- low level of detail involvedShort-term risks- high level of detail involvedSource: Merna/Al-Thani, Corporate Risk Management, Wiley, 2008, p. 3第三十二页，共四十四页。Sources of market risk and opportunityMacro Marketing EnvironmentPoliticalCulturalDemo-graphicPhysical &

38、NaturalLegal & RegulatoryTechno-logicalEconomicCompetitiveSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 357第三十三页，共四十四页。Typical risk parametersSource: Merna/Al-Thani, Corporate Risk Management, Wiley, 2008, p. 11Susceptibility to Change or External Influences:opportunityupside or downs

39、ide resultDegree of Interdependency with other Factors of RiskSeverity of Impact (high/low): threat intensity (damage potential) continuously varying in terms of cost & timeProbability of Occurrence (high/low): Varying probability (0-1) Frequency (high/low)Risk第三十四页，共四十四页。Classification of strategy

40、riskStrategyObjectivesBusiness planNew business developmentResourcesStakeholder interestsCorporate experienceReputation- objectives- factors of production- reflects strategy- assumptions- currency- regulatory priorities- additional costs- IT failure- 3rd party providers- overheads- customer base- fr

41、aud exposure- resource needs- resource mismatch- ability of staff- equity debt- identified- assessed- reflected in business plan- markets- customers- suppliers/contractors- distribution mechanisms- products/services- risk/regulatory/legal context- brand protectionSource: Chapman, Enterprise Risk Man

42、agement, Wiley, 2008, p. 224Risk classification: element, attributes and features第三十五页，共四十四页。Classification of people riskPeopleHRM practicesSalariesRegulatory and statutory req.Staff constraintsStaff dishonestyRisk managementHealth and safety- liquidity- working conditions- job satisfaction- develo

43、pment and training- fairness of rewards- employee relations- contracts- maternity- discrimination- whistleblowing- dismissal- trade unions- recruitment- staff turnover- staff absenteeism- staff criticality matrix- fraud/deception- theft- concealment- culture- system- management- plant and machinery-

44、 fleet management- office accommodationSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 229Risk classifcation: element, attributes and features第三十六页，共四十四页。Classification of processes and systems riskProcesses and systemsControlsRegulatory and statutory req.ContinuityTransactionsComputer/

45、IT systemsKnowledge managementIndicators of loss- notification- trigger points- business objectives- quality- business continuity- meeting commitments- production processes- documentation- product variation- goods in transit- business alignment- network availability- data integrity- electronic data

46、security- system capacity- data recovery- intellectual property- establish indicators- review processSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 246Risk classification: element, attributes and features第三十七页，共四十四页。The value chain (Porter, 1991)Business InfrastructureHuman Resource Ma

47、nagementTechnology DevelopmentProcurementInbound LogisticsOperationsMarketing & SalesOutbound LogisticsServicePrimary activitiesSupport activitiesMarginMarginSource: Chapman, Enterprise Risk Management, Wiley, 2008, p. 432第三十八页，共四十四页。Typical summary of a risk register outputPriorityDescriptionProbab

48、ilityImpactOwnerKey DatesCurrent ActionsReview Date123xnSource: Merna/Al-Thani, Corporate Risk Management, Wiley, 2008, p. 73第三十九页，共四十四页。Risk matrix chartSource: Merna/Al-Thani, Corporate Risk Management, Wiley, 2008, p. 75PUPPIES(High Probability, Low Impact)Can do damage but little training to ens

49、ure not much trouble.TIGERS(High Probability, High Impact)Dangerous and need to be neutralised as soon as possible.KITTENS(Low Probability, Low Impact)Little attention needed as project can be tolerated.ALLIGATORS(Low Probability, High Impact)Dangerous but can be avoided with care.IMPACTPROBABILITY第

50、四十页，共四十四页。41LECTURE SUMMARY INTERNAL CONTROL AND RISK MANAGEMENTRisk Management Strategies and TechniquesRisk Management ResponsibilitiesEnterprise Risk ManagementInternal Control ConceptThe Turnbull Report 1999Link between Internal Control and Risk Management第四十一页，共四十四页。第四十二页，共四十四页。Captain Maurice