Board responsibility for internal control and risk management

Board responsibility for internal control and risk management, by Kiattisak Jelatianranat, Chairman, The Institute of Internal Auditors of Thailand; Director, PricewaterhouseCoopers. 2nd Asian Roundtable on Corporate Governance, 31 May 2000.

Transcript of Board responsibility for internal control and risk management

Page 1: Board responsibility for internal  control and risk management

Board responsibility for internal control and risk management

by

Kiattisak Jelatianranat

Chairman, The Institute of Internal Auditors of Thailand

Director, PricewaterhouseCoopers

31 May 2000

2nd Asian Roundtable on Corporate Governance

Page 2: Board responsibility for internal  control and risk management

Responsibility VS Accountability

• Responsibility: What, and who will do?

• Accountability: How, and for whom?

… Both need independence and objectivity

Page 3: Board responsibility for internal  control and risk management

Balanced Scorecard in Corporate Governance

• Financial & non-financial information.

• Equitable Treatment of stakeholders.

• Combination of Lagging and Leading Information.

• Alignment of short-term objectives

Page 4: Board responsibility for internal  control and risk management

Balanced Responsibility …… legal & moral

Board “core” responsibilities:

• Create strategic vision

• Select CEO & Senior management

• Establish strategic, accountable information

• Independent, objective and competent oversight of day-to-day operations

Page 5: Board responsibility for internal  control and risk management

Board Effectiveness

Board initiative & ownership of:

• Corporate governance framework

• Risk management system

• Internal control system

• Auditing

Selection of CEO & senior management

Oversight of CEO & senior management to establish:

• Accounting system

• MIS

• Compliance program

• Operating systems

Page 6: Board responsibility for internal  control and risk management

Why corporate governance matters ?

• Effective governance, and

• Proper communication with your stakeholders

Sustainable Growth

Pleasant Working Environment

Substance

Form

Spirit

Page 7: Board responsibility for internal  control and risk management

Searching for the upside of risk management

Value Chain VS Risk

Opportunity

Uncertainty

Hazard

Risk is any issue which could impact your ability to meet your objectives

base-line

Enhancement, Preservation, Prevention

Page 8: Board responsibility for internal  control and risk management

Risk ………..

• Risk Assessment

- Identify

- Measure

- Prioritize

• Risk Management

- Assess adequacy of existing controls

- Develop a control improvement plan

- Create a continuous program for objectives, risk and control assessment

Page 9: Board responsibility for internal  control and risk management

Risk Management Action Options

Options

• Fix Controls

• Re-Engineer Process

• Trainings

• Transfer Risk (Insurance)

• Outsource the Function

• Do nothing

• Bet

Page 10: Board responsibility for internal  control and risk management

Well-controlled Organizations

Key attributes of a well-controlled organization include :

1. Leadership of Board

2. Translation of strategic vision to day-to-day management

3. Communication of objectives & values to all levels

4. Individual accountability

5. Risk management system

6. Human resources reinforcement

7. Independent, objective and competent oversight

Page 11: Board responsibility for internal  control and risk management

Risk & Control : The twin systems

• Define strategic risk

• Articulate risk philosophy

• Define values and behavioral expectations

• Assess risk

• Manage risk

• Assess existing controls

• Select control model

• Continuous communication

• Continuous program for ORC

• Develop a control improvement plan

… Operations are dynamic and evolving...

Communications & Audit

Alignment

Control

Risk

Objective

Page 12: Board responsibility for internal  control and risk management

Complexity of Value chain……..

• A board must have the capability to respond to and manage changes.

• “Risk Management” and “Business Control” are the first things for any board to consider.

Page 13: Board responsibility for internal  control and risk management

Internal Control Learned in Real World

• Focus on “Soft Control” in assessing all of COSO’s “Five Components” and “Three Objectives”.

• Soft Controls are subjective in nature, thus self-assessment is crucial for success.

• Implementation as an integral cultural change.

• Internal Control training is a “must”.

• Tailor practices to the organization to ensure that the implementation surpasses its expected benefits.

Page 14: Board responsibility for internal  control and risk management

COSO’s Internal Control Definition

Internal control is a process, effected by an entity’s people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial reporting

• Compliance with applicable laws and regulations

Page 15: Board responsibility for internal  control and risk management

Control Reality

• Focus on people and process, not merely policy manuals and forms.

• Require dynamic and interactive evaluation techniques.

• Verifying compliance with policies and procedures is not sufficient.

Page 16: Board responsibility for internal  control and risk management

Five Components of COSO’s Control Framework

• Control Environment: The foundation on which everything rests.

• Risk Assessment: Be aware of and deal with the risks it faces.

• Control Activities: Actions identified by management as necessary to address risks to achievement of objectives.

• Information & Communication: Enables people to capture and exchange the information needed to conduct, manage and control operations.

• Monitoring: React dynamically, changing as conditions warrant.

Page 17: Board responsibility for internal  control and risk management

From Backroom To Board Room

Organizations in the 21st Century must move internal control issues from their “Backroom” (the operating level) to the “Board Room” (the strategic level).

Page 18: Board responsibility for internal  control and risk management

Internal Audit Paradigm Shift

Today internal auditors are management partners and consultants who add value to the organization.

… No longer a watchdog or a policeman

Page 19: Board responsibility for internal  control and risk management

Internal Auditing Definition

1999 Definition:

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Traditional Definition:

Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.

Page 20: Board responsibility for internal  control and risk management

There is no alternative

Toward the new millennium environment:

The Board of Directors and senior management have no alternative but to take leadership and ownership of the systems of risk management and internal control.
