reference ppt.risk mgt

7/29/2019 Reference PPT.risk Mgt.

1/20

Board responsibility for internalcontrol and risk management

by

Kiattisak JelatianranatChairman, The Institute of Internal Auditors of ThailandDirector, PricewaterhouseCoopers

Kiattisak Jelatianranat 31 May 2000

1

pwc

2nd Asian Roundtable on Corporate Governance


2/20

Responsibility VS Accountability

Responsibility What, and Who will do ?

Accountability How, and For whom ?

. Both need independence and objectivity

Kiattisak Jelatianranat

pwc2

31 May 2000 2nd Asian Roundtable on Corporate Governance


3/20

Balanced Scorecard in Corporate Governance

pwc

Financial & non-financial information.

Equitable Treatment of stakeholders.

Combination of Lagging and Leading Information.

Alignment of short-term objectives


3



4/20

Balanced Responsibility legal & moral

pwc

Create strategic vision

Select CEO & Senior management

Establish strategic, accountable information

Independent, objective and competent oversight of day-to-day

operations

Board core responsibilities.


4



5/20

Board Effectiveness

pwc

Corporate governance framework

Risk management system

Internal control system

Auditing

x Board initiative & Ownership of :

x Selection of CEO & senior managementx Oversight of CEO & senior management to establish

Accounting system

MIS

Compliance program

Operating systems


5



6/20

Why corporate governance matters ?

pwc

Effective governance, and Proper communication with your stakeholders

Sustainable

Growth

PleasantWorking

Environment

Spirit


6



7/20

Searching for the upside of risk management

pwc

Value Chain VS Risk

Opportunity

Uncertainty

HarzardRisk is any issue which could impact

your ability to meet your objectives

base-line

EnhancementPreservationPrevention


7



8/20

Risk ..

pwc

Risk Assessment- Identify

- Measure

- Prioritize

Risk Management- Assess adequacy of existing controls

- Develop a control improvement plan

- Create a continuous program for objectives, risk and control

assessment


8



9/20

Risk Management Action Options

pwc


9


Options

Fix ControlsRe-Engineer Process

TrainingsTransfer Risk (Insurance)

Outsource the FunctionDo nothing-Bet


10/20

Well-controlled Organizations

pwc

Key attributes of a well-controlled organization include :# 1. Leadership of Board

# 2. Translation of strategic vision to day-to-day management

# 3. Communication of objectives & values to all levels

# 4. Individual accountability

# 5. Risk management system

# 6. Human resources reinforcement

# 7. Independent, objective and competent oversight


10



11/20

Risk & Control : The twin systems

pwc

Define strategic risk

Articulate risk philosophy

Define values and behavioral expectations

Assess risk

Manage risk

Assess existing controls

Select control model

Continuous communication

Continuous program for ORC

Develop a control improvement plan

Operations are dynamic and evolving...Alignment

Control

Risk

Objective


11



12/20

Complexity of Value chain..

pwc

A board must have the capability to respond to and

manage changes.

Risk Management and Business Control are the

first thing for any board consideration.


12



13/20

Internal Control Learned in Real World

pwc

Focus on Soft Control in assessing all of COSOs

Five Components and Three Objectives.

Soft Controls are subjective in nature, thus self-assessment is

crucial for success.

Implementation as an integral cultural change.

Internal Control training is a must.

Tailor practices to an organization to assure the surpassing

expected benefits from the implementation.


13


14


14/20

COSOs Internal Control Definition

pwc

is a process, effected by an entitys people(board of directors,

management, and other personnel), designed to provide

reasonable assuranceregarding the achievement ofobjectivesin

the following categories :

Effectiveness and efficiency of operations

Reliability of financial reporting

Compliance with applicable laws and regulations


14


15


15/20

Control Reality

pwc

Focus on people and process, not merely policy manuals

and forms

Require dynamic and interactive evaluation techniques.

Verifying compliance with policies and procedures is

not sufficient


15


16


16/20

Five Components of COSOs Control Framework

pwc


Control Environment : The Foundation on which

everything rests. Risk Assessment : Aware of and deal with the risks it

faces. Control Activities : Actions identified by management

as necessary to address risks to

achievement of objectives. Information & Communication : People to capture and exchange the

information needed to conduct, manage

and control operations.

Monitoring : React dynamically, changing as

condition warrant.

16


17


17/20

From Backroom To Board Room

pwc


Organizations in the 21st Century must move internal controlissues from their Backroom (Operating Level) to Board

Room (the strategic level)

17


18


18/20

Internal Audit Paradigm Shift

pwc


Today internal auditors are management partnersand

consultantsto add values to the organization.. No longer as a watch dog or a policeman

18


19


19/20

Internal Auditing Definition

pwc


1999 Definition : Internal auditing is an independent, objective assurance and consulting activity

designed to add valueand improve an organizations operations. It helps an

organization accomplish its objectives by bringing a systematic, disciplined

approach to evaluate and improve the effectiveness of risk management, control

and governance processes.

Traditional Definition :Internal auditing is an independent appraisal function established within an

organization to examine and evaluate its objectives as a service to the

organization. The objective of internal auditing is to assist members of the

organization in the effective discharge of their responsibilities. To this end,

internal auditing furnishes them with analyses, appraisals, recommendations,

counsel, and information concerning the activities reviewed. The audit objectiveincludes promoting effective control at reasonable cost.

19


20


20/20

There is no alternative

pwc


Toward the new millennium environment :

Board of Directors and senior management have noalternative not to be the leadership and ownership of systems

of risk management and internal control


reference ppt.risk mgt

Documents