Audit, audit committee and risk management
Risk Management, Audit Committee, Clause 49
Audit, Audit Committee & Risk Management - Manoj Agarwal at Institute of Company Secretaries of India
5-Mar-2011 © ANB Consulting CO. Pvt. Ltd.
Agenda
• What is Risk
• Risk Management
• Classification of Risks
• What is Audit
• Audit Committee Role
• Expectation from Risk Management
What is Risk?
Risk, in traditional terms, is viewed as a ‘negative’.
The Chinese give a much better description of risk:
• The first is the symbol for “danger”, while
• the second is the symbol for “opportunity”, making risk a mix of danger and opportunity.
“Risk – let’s get this straight up front – is good. The point of Risk management is not to eliminate it; that would eliminate reward. The point is to manage it – that is, choose where to place bets, where to hedge bets, and where to avoid betting altogether.” - Thomas A. Stewart
Risk & Risk Management
In economic terms, profit is the reward for entrepreneurship or “Risk Taking”.
As lay investors, our investment planning is based on risk perception – bank deposits, life insurance, debentures and GoI bonds, Mutual Funds, Shares, Private Equity….
Risk management is an attempt to identify, measure and monitor risks – so as to manage uncertainty.
Risk Management
1 Understand the nature and extent of risks facing the company
2 Understand the extent and categories of risks which it regards as acceptable for a company to bear
3 Understand the likelihood of risks concerned materializing
4 Company’s ability to reduce the incidence and impact on business of risks that do materialize
5 Costs of operating particular controls relative to benefits
Classification of Risks
Strategic
• A strategic risk is a risk that a company is exposed to when pursuing its business objectives, or likely loss arising from a poor strategic business decision. e.g. Too much dependence on one line of business; or a failed acquisition
Operational
• Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. e.g. Frauds in Banking; Risk of poor planning, e.g. Funds constraint
Compliance
• Risks a company is exposed to because of breach of law / regulatory requirement. e.g. Non-compliance in a foreign country due to ignorance.
The Need for Risk Management
• Complex, ever changing macro environment
• Sustainable, profitable growth to meet stakeholder expectation
• Trend towards greater transparency & enhanced levels of corporate governance
Move from survival to competitive advantage
Eight Components of COSO ERM Model
ERM Process
Objective Setting: Strategic Objectives – Related Objectives – Selected Objectives – Risk Appetite – Risk Tolerance
Event Identification: Events – Factors Influencing Strategy and Objectives – Methodologies and Techniques – Event Interdependencies – Event Categories – Risks and Opportunities
Risk Assessment: Inherent and Residual Risk – Likelihood and Impact – Methodologies and Techniques – Correlation
Risk Response: Identify Risk Responses – Evaluate Possible Risk Responses – Select Responses – Portfolio View
Information & Communication: Information – Strategic and Integrated Systems – Communication
Monitoring: Separate Evaluations – Ongoing Evaluations
Control Activities: Integration with Risk Response – Types of Control Activities – General Controls – Application Controls – Entity Specific
Top 10 Risks – EY 2010 Business Risk Report
Rank Risk
1 Regulation and compliance
2 Access to credit
3 Slow recovery or double-dip recession
4 Managing talent
5 Emerging markets
6 Cost cutting
7 Non-traditional entrants
8 Radical greening
9 Social acceptance risk and corporate social responsibility
10 Executing alliances and transactions
Board Disclosures – Risk management (Clause 49)
1. It shall put in place procedures to inform Board members about the risk assessment and minimization procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework.
2. Management shall place a report certified by the compliance officer of the company, before the entire Board of Directors every quarter documenting the business risks faced by the company, measures to address and minimize such risks, and any limitations to the risk taking capacity of the corporation. This document shall be formally approved by the Board.
What is Audit
The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, but similar concepts also exist in project management, quality management, and energy conservation.
(source: Wikipedia)
Audits are performed to ascertain the validity and reliability of information; also to provide an assessment of a system's internal control. The goal of an audit is to express an opinion on the person / organization / system (etc.) in question, under evaluation based on work done on a test basis.
Audit Committee
1. Company to constitute an audit committee with terms of reference
2. At least three members - two-thirds independent
3. Chairman to be independent - must attend every AGM to answer shareholder queries
4. All members financially literate & at least 1 member to be accounting or related financial management expert
5. May meet with or without executives – generally CFO & CEO are invited
6. Must meet at least 4 times a year - quorum = greater of 2 members or 2/3rd and at least 2 independent
Audit Committee’s role – Clause 49
1. Oversee financial reporting process
2. Recommend to the Board the hiring and firing of statutory auditors and confirming their remuneration
3. Review the adequacy of internal control system
4. Reviewing the adequacy of structures, staffing and examining the scope of internal audit department
5. Discussing significant findings and follow ups with internal auditors
6. Review of financial and risk management policies
7. To review working of whistle blower mechanisms
8. Other functions specified in terms of reference
Review of information by Audit Committee
The Audit Committee shall mandatorily review the following information:
1. Financial statements and draft audit report, including quarterly / half-yearly financial information;
2. Management discussion and analysis of financial condition and results of operations;
3. Reports relating to compliance with laws and to risk management;
4. Management letters / letters of internal control weaknesses issued by statutory / internal auditors; and
5. Records of related party transactions
6. The appointment, removal and terms of remuneration of the Chief internal auditor shall be subject to review by the Audit Committee
Expectation from Risk Management
• Avoidance of Surprises
• Effective evaluation of cost of control
• Protection of the Reputation
• Proper allocations of resources
• Higher probability of meeting targets
• More informed decision making
• Recognizing opportunities and focusing on areas for improvement
….Leading to competitive advantage
Risk awareness…
CAN’T MANAGE WHAT YOU DON’T SEE!
No Risk
No Gain!
Thank you
[email protected]
Management Discussion and Analysis report
This Management Discussion & Analysis should include discussion on the following matters within the limits set by the company’s competitive position:
1. Industry structure and developments.
2. Opportunities and Threats.
3. Segment-wise or product-wise performance.
4. Outlook.
5. Risks and concerns.
6. Internal control systems and their adequacy.
7. Discussion on financial performance with respect to operational performance.
8. Material developments in Human Resources / Industrial Relations front, including number of people employed.
Training of Board Members
Company shall train its Board members in the business model of the company as well as the risk profile of the business parameters of the company, their responsibilities as directors, and the best ways to discharge them.
(Non Mandatory Requirement Clause 49)
Audit Committee reporting
Area | Inherent risk | Control risk | Overall risk
Area 1 - Risk 1 - Risk 2 - Risk 3……… | Med | High | Med - high
Area 2 - Risk 1 - Risk 2 - Risk 3……… | Low | Med | Med - low
Area 3 - Risk 1 - Risk 2 - Risk 3……… | High | Low | Med - high
Area 4 - Risk 1 - Risk 2 - Risk 3……… | High | High | High
Audit Committee Heat Map
• Provide internal audit view of risks
• Provide underlying basis of ratings
• Ratings drive the frequency of audits
Explained above is a generic model – sophisticated scoring techniques could be used to arrive at ratings.