internal audit corporate risk management
TRANSCRIPT
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 1/14
Internal Audit & Corporate
Risk Management
Risk management has come to beregarded as an essential element
of good governance, and as anintegral part of internal control.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 2/14
Definition of risk
Risk can be defined as either:
a threat to achieving corporate objectives oroutcomes, or
an opportunity to enhance or accelerate theachievement of corporate objectives.
"The chance of something happening that willhave an impact on business objectives."
"Risk arises as much from failing to capturebusiness opportunities as it does from a threat thatsomething bad will happen."
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 3/14
Definition of risk management
it is about making the most ofopportunities and about achievingobjectives once those decisions are
made
Controlling Risks
Transferring Risks
Living with Risks.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 4/14
The Turnbull report
Turnbull stated that a sound system of internalcontrol:
Includes both financial and operational controls;
Helps to safeguard stakeholder and company
assets;Contributes to the management of risks whichimpact on the achievement of business objectives;
Helps to ensure reliability of reports to
stakeholders;Is dependent on a regular evaluation of the risks towhich a company is exposed.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 5/14
General Principles of Risk
Management & Internal Audit
In some organisations internal audit isdirectly involved in the riskmanagement function of the business.
In other organisations internal audit isinvolved in reviewing this function.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 6/14
Risk Management Cycle
establish a business framework
identify all risks
measure risksdeal with risks
monitor arrangements.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 7/14
Risks may be identified from aseries of risk categories
political/policy
financial
health and safety
legal/regularity
corporate issues
commercial
operational
reputational.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 8/14
two key aspects of risk:
cause - who or what causes the exposureto happen. This can be a type of person(e.g. staff or public); an event (e.g. fire,
flood); or it can be the absence ofappropriate action;
effect - the logical outcome of the potentialrisk turning into an actual exposure. This
should be described qualitatively (e.g.additional cost, loss of income).
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 9/14
Measuring Risk
Impact Likelihood Probability
The organisation would notsurvive
Certain More than 80%
Major impact on theachievement of theorganisation’s business
plan and the quality of its overall services
Probable (likely tohappen eachyear)
50% - 80%
Significant impact on thesuccess of the businessand quality of its services
Possible (couldhappen in thenext three years)
25% - 50%
Some impact on theorganisation’s staff andminor effect on its clients
Unlikely (mayhappen in thenext five years)
5% - 25%
Insignificant impact on theorganisation or its staff
Remote Less than 5%
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 10/14
Deal with risks
accept;
reduce;
avoid;transfer.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 11/14
Example Format for Risk Matrix
Operational&
financialrisks
Managerresponsible
Methodof
dealingwith risk
Action Monitoringactivity &
outcome
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 12/14
Role of Internal Audit
It is fundamental that internal auditaddresses the organisation's mostsignificant risks. Internal audit will be
more effective if its view of theorganisation's most significant riskexposures is aligned with that of the
organisation's senior managers.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 13/14
Risk management is a vital aspect or dimension of
management and business planning
bottom up risk identification of significantissues at departmental level to ensure thatstaff are extensively involved in the
process and risk management becomes anaccepted dimension of planning
top down strategic review of risks from theBoard's perspective to ensure that all risks
to achievement of corporate objectives areidentified and action on most significantrisks is prioritised.
8/3/2019 Internal Audit Corporate Risk Management
http://slidepdf.com/reader/full/internal-audit-corporate-risk-management 14/14
benefits of adopting a formal approach to
corporate risk management
clearly identifying all the significant risks that theorganisation faces
setting the evaluation of these risks in the contextof the organisation's corporate objectives
prioritising risks to ensure that management andresources are focused on the critical areas
developing a suitable level of risk awareness bymanagers and staff
ensuring a positive attitude to risk managementand knowledge of the organisation's policytowards risk.