LITERATURE REVIEW This chapter will explore the underlying theories that govern financial control, corporate governance

and risk management non-profit making organisations with special emphasis to Churches. Financial Controls The term Financial Controls has traditionally been taken to refer to monetary controls. It should be recognised that an all-encompassing term is Internal Controls. This term includes both the financial and non-financial controls. The researcher shall use these terms interchangeably and these will be taken to mean the same thing. Shiraz N (1997) notes that in its broadest sense, Internal Controls refer to both administrative and financial accounting controls. Definitions The College at Brockport State University at its website www.brockport.edu/ defined internal control as comprising of the coordinate methods that the business adopts in safe guarding its assets. This is done through checking the accuracy and reliability of its financial accounting information, promoting operational efficiency and encouraging adherence to prescribed policies. The definition according to bcorporation.net defines financial controls as a means by which an organisations resources are directed, monitored and measured. This definition is an all-encompassing one because it extends beyond issues relating to the financial accounting function in an organisation. Van Breda (1979) defines financial controls as a set of related dollar denominated variables used by management to control an organisation, and the resources used by the organisation. The committee of Sponsoring Organisations (COSO) of the Treadway Commission defined Internal Controls as processes that are instituted and effected by an organisations board of directors. This process provides some reasonable degree of assurance as the organisation endeavours to meet its organisational objectives. The definition extends to the effectiveness and efficiency of how the organisation executes its operations, the reliability of its financial reporting and the compliance with the laws and regulations. www.coso.org They note that internal controls do not provide obsolete assurance but reasonable assurance to the organisations board.

Whilst the Internal Control definitions sited above are limited to safe guarding of an entitys assets, the COSO definition extends to the achievements of objectives in the organisations different functions. According to the website www.deffsnotes.com, Internal Control is defined as a process that is designated to ensure effective and efficient operations whilst ensuring reliable financial reporting. It goes on to include as part of internal Controls the safeguarding of assets against theft and unauthorised use acquisition or disposal. Spencer Pickett (2005) noted that the purpose of any control system was in order to maintain a certain status quo. According to Spencer Pickett (2005), the Committee of Sponsoring Organisations (COSA) of the Treadway Commission suggested that internal controls:a) Keep Organisations on course towards, the achievement of their goals and their missions b) Helps, to minimise surprises. c) Enable the entity to respond to changes taking place in its operating environment. This includes the entitys competitors. d) Enable the organisation to achieve its mission e) Promotes effectiveness and efficiency f) Reduces or minimises the risk of losing an asset. g) Ensure that the financial reports remain reliable and that the entity complies fully with the laws and regulations.

Spencer Picket (2005) also alludes to the fact that poor controls lead to losses, scandals and failure. In that process the organisations reputation is damaged. He further advises put appropriate controls in place where there is a strong possibility of failure to achieve the Organisations objectives. He however argues that controls cost money. As a result a cost/benefit analysis has to be done to determine whether its worthwhile to implement such controls. This then depends on the risk profile of the entity and what is considers as acceptable or unacceptable to the entity and its stakeholders. In addition to the definition offered by Van Freda (1977) on Internal Controls he notes the importance of people in the system, who are involved in the establishment, maintenance, monitoring and evaluation of the controls. He also notes the third aspect of the process rules and procedures that govern the establishment, maintenance and monitoring of these variables.
2

Spenser Picket (2005) suggests that the purpose of any control system is to reach or attain a desired state or maintain that desired state. The author advocates, that control is about achieving the organisational objectives managing risk and maintaining things in balance. The author introduces a basic model of control in figure 1. Objectives

Inherent risks

Control Strategy

-------------------Achievements

Source: The essential Handbook of Internal Auditing by K. H. Spenser Picket (2005) The above diagram shows that organisations set clear objectives. According to the internal control model the organisation analyses and assess the inherent risks within the system, after identifying them the organisation then formulates the control strategies. These control strategies are derived from a wider risk management strategy according to Picket S (2005). Turnbull (2005) also highlighted that internal control systems encompasses policies, process, tasks, behaviours and other aspects of an organisation. These aspects facilitate an organisation to effectively and efficiently execute its operations. The organisation will also be able to respond appropriately to risks such as business, operational, financial, compliance and other risks which affect the organisations aim in achieving its objectives. Included in these objectives is the ability of the organisation to safeguard its assets and resources. These are safeguarded from events such as fraud, loss, or attachments as a result of unmanaged liabilities. Turnbull (2005) also notes that the internal controls ensure that both the internal external reports are of high quality. This can only be achieved through the maintenance of proper records and processes. These processes should generate reliable information which is not only timely but also relevant from both within and outside the organisation.
3

The Turnbull (2005) report also notes that internal controls should assist in ensuring compliance with applicable laws and regulations. Within the organisation the controls ensure that the internal policies are also complied with. Responsibilities According to the Turnbull, the board of directors of an entity is responsible for the system of internal control (para 15). The internal control must be effective in controlling risk in the manner approved by the entitys board. Turnbull (2005) also notes that the board sets the control policy direction of the organisation whilst management implements the policies. When implementing the controls management must consider the following:1. Determine the need for controls It is the role of management to establish specific situation that require internal controls and then it response to that accordingly. 2. Design Suitable Controls Management should then design appropriate internal controls for implementation. 3. Implementation of these controls The tactical team in the organisation should then carefully implement the internal control processes. 4. Check the internal controls for correct application Picket (2005) notes that management and not the internal audit should be responsible for ensuring that the whole organisation adheres to the control as per the original intention and that they are not being by-passed. 5. Maintain and update the controls Management should ensure that the controls are secured always. 6. Evaluation Picket (2005) considers the application of internal controls as an important part of management skills and training.

Types of Controls Picket (2005) categorised controls into four distinct classes. These were as follows:1. Directive This control according to Picket (2005) ensure that there is a clear direction and drive towards achieving the objectives stated. 2. Preventive These are controls out in place to ensure that a system functions as originally intended. 3. Detective This control according to Picket (2005) is supposed to pick up transaction errors that have passed undetected in the system. 4. Corrective This type ensures that any problem identified is rectified accordingly. Picket (2005) suggests that a combination of the above types is essential and this would address issues such as how management would get the right culture in an organisation to ensure that the risks are well appreciated and anticipated. How does management implement the specific measures that the organisation now understands? Management should have a feedback mechanism in place that assists in finding out if, despite the intervention of management, things are still wrong. Lastly how should the organisation plan in advance in order to address detected problems, particularly when the risk to the business is significant. Wooten et al (2005) writing in the Business Management journal noted that a number of high profile financial mismanagement in religious organisations had brought financial control in religious organisations to the attention of the public. They suggested that every church should be concerned about the financial affairs of their organisation in relation to their management or their mismanagement. They advised the church leadership to place the protection of the Church, its members and staff on the high priority lists. In their article entitled Internal Control is a good thing Wooten et al (2005) summarises the unique problems encountered by religious organisations.

They noted the over reliance of religious organisations on volunteer management services. They correctly pointed out that the most financial programs of Churches are supervised and overseen by volunteer treasurers, or finance committee. Quite often than not, these individuals may lack the necessary technical expertise and skill in the designing of internal controls and information systems development. Those religious organisations large enough to employ full-time accounting staff normally settle for book-keepers who have little analytical skills and training other than the daily accounting routines. Most religious organisations rely heavily on trust of their staff. Wooten et al (2005) are of the opinion that religious organisations believe that no one would purposely misuse or misappropriate the organisations money. This results in the leader paying little attention to the need of internal controls. They point out that leaders belief internal controls are unnecessary because their staff are not under the same pressure or temptation as those befalling the traditional for-profit organisations as a result, Wooten et al (2005) notes that the sense of trust and higher calling results in these religious organisations paying little attention on sound internal control policies. Concluding their perception of problems in religious organisations, Wooten et al (2005) also suggest that religious organisations generally receive their donations in the form of cash. They note that there is little follow up or specific expectation by the donor. They highlighted that without specific expectation or accountability concerning this cash, the volunteer staff grow a tendency of less diligence about internal controls and the uses of cash. Definitions According to Wooten et al (2005) internal controls are defined as the structure, policies and procedures established by the organisation to provide reasonable assurance that assets are safe guarded, information is reliable, operations are efficient and effective and policies are adhered to. Internal controls provide the boundary around the organisation processes ensuring that things are rightly done. Wooten et al (2005) highlights the common misconception that internal controls are there primarily to prevent fraud. Religious organisations are thus discouraged from implementing proper financial controls because of this misconception. Religious organisations generally trust their staff.

Wooten et al (2005) drew attention to the general misconception that the main purpose of internal control is to prevent fraud. According to them this misconception actually discourages religious organisations from implementing internal controls and developing internal control policies. Implementing these might appear to be untrusting. The real purpose of implementing sound controls is in order to prevent the staff from making errors or making questionable transactions. They noted that internal controls protect both the individual and the organisation. Wooten et al (2005), also noted that internal controls function within an environment. This they termed the control environment which is governed and regulated by the leaders of that organisation. The control environment included, the commitment of the leaders to excellence, integrity and competency of the organisation. They went on to describe the effects of the type of leadership to the type of internal controls implemented. An organisation with a strong management philosophy operating style and structure will invariably have a strong control environment and strong internal controls. This will cascade from the Board which will formulate strong internal control policies and procedures down to the employees. Strong internal controls will assist staff in making the right ethical decisions. According to Picket (2005) internal controls should be specific, measurable, achievable, results oriented and times. The Wooten et al (2005) concurs with other authors on the traditional mechanism that may be applied in practice. These include a written procedures manual. Wooten et al (2005) refers to a survey that indicated that 24 per cent of churches have a written manual. These manuals covered areas such as accounting and finance. They advised that religious organisations should have formally documented financial policies and procedures. Manuals assist in eliminating wrong interpretation of policies or any confusion that might arise on how things must be accomplished by the church employees. Manuals also assist in ensuring that there is consistent application of the practices of the organisation and that monies are handled consistently and without errors. This allows the organisation to formally adopt agreeable processes for administration and standard reporting of financial activities. Picket (2005) retort that organisations should set corporate standards as a high level control.

The standards should cover at least the following areas: Financial controls regulating, income and expenditure, cash and banking, general accounting, contracts and related financial matters. Human resources manual covering recruitment, staff training and development, performance management, discipline and grievance procedures. Procedures on purchasing of goods and services acquired by the organisation. Ethical code of conduct covering guidance on the treatment of gifts and hospitality. Standards covering the use of computerised system and security procedures.

As part of the traditional controls, Wooten et al (2005) reported that 80 to 90 percent of the churches they surveyed reported having a finance committee and adopting an annual budget. The churches adopted clear organisational structures, and clear goals and procedures. Picket (2005) point out that there should be clear reporting lines established links between accountability, responsibility and authorisation. Picket (2005) reported that traditional control mechanism include authorisation. This is the process of granting permission on behalf of the company. Another control mechanism is the implementation of physical access restrictions. These restrictions include the use of physical gates and locks, passwords for access to computers and other building security procedures. Supervisory controls ensure that staff is observed as they work by their first line manager. Supervisor also provides assistance to their subordinates. Compliance controls ensure that the organisation does its things in a proper and legal way. Wooten et al (2005) notes that the segregation of incompatible duties is a key aspect of internal controls. Churches should segregate the duties of authorisation, record keeping and custody. The person who buys goods, should not be in charge of keeping the records of the goods purchased. Those who prepare and post journal entries should not be given the responsibility of authorising payments as well. Those that prepare bank reconciliations should be kept away cash receipts and disbursements. Picket (2005) summarises this by stating that the segregation of duties control brings in more than one person during any one transaction.
8

Wooten et al (2005) emphasised the need to receive an annual audit from a qualified auditor. He highlighted that an audit would allow for an independent assessment of the financial position of the organisation. He notes that audit provide an assurance to the financial status of the organisation. In order to strengthen the internal controls systems of the organisation, the auditors are expected to make recommendations that strengthen the organisations control system. Wooten et al (2005) concludes by highlighting the importance of the use of computerised accounting software necessary to track and report financial results. According to Picket (2005), performance management is yet another key control necessary for organisation as it allows management to examine outputs and overall performances. The performance system should be simple, reliable, accepted by all, driven by the board, flexible, reflect accountabilities and forward looking based on the corporate vision.

Corporate Governance According to the Cadbury Committee (1992) corporate governances defined simply as a system by which companies are directed and controlled. The website www.searchfinancialsecurity.techtarget.com defined corporate governance as a term by which businesses are operated, regulated and controlled. This is through set rules, processes or laws. Corporate governance is also about relationships among the leadership of an organisation and its stakeholders. (Organisation for Economic Co-operation and Development 2004) according to the website www.applied-CorporateGovernance.com (2009) corporate governance is comprised of two major factors. a) The long term relationships concerning controls, that is, checks and balances, the relationships of management and investors and management performance incentives. b) The transactional relationships which deal with issues of disclosure and authority. According to his website, the relationships sited above are adversarial resulting in an attitude of mutual suspicion. This aspect is noted as the basics of much of the rationale behind the Cadbury Report. They noted that this reason formed the underlying foundation of the conduct of the board, i.e. consistency and transparency as they relate with the shareholders.
9

Tarnation (2008) agrees with other authors on this topic by noting that corporate governance addresses how both the private and public sector in terms of the processes, systems and controls of these organisations. Tarantino (2008) refers to the Latin origin of the word governance by noting that it refers to steering. He notes that governance has to do with a legal and a regulatory framework. He adds that it is about how the organisational resources are used to manage these institutions. Governance is also about the separation and segregation of ownership of an organisation and its control. Tarantino (2008) also highlights the relationship between the various stakeholders of an entity. These are relationships between those who govern and the governed such as the board of directors, its shareholders, its employees, suppliers and customers, the regulators and its community. Importance of Corporate Governance According to Mohammed (2004) in his working paper, The Importance of Effective Corporate Governance outlined the importance of effective corporate governance. He argues that corporations are a separate legal entity created by societies. He further argues that society benefits from their existence. As an extension to Mohamed (2004)s argument, this researcher goes on to note that Religious organisations contribute to the social and spiritual needs of the society which will in turn lead to improved standards of living and a more stable political system. Citing the work by Gregory and Simms (1999), Mohamed (2004) notes that the quality of corporate governance is important since it directly impacts on the following:a) The effectiveness and efficiency in which the assets of an organisation are employed. This is how an organisation maximises the usage of the resources. He notes that resources are scarce and that they will be deployed to those organisations capable of making use of those resources in the production of the goods and services. The usage of the resources ensure that societal needs are met. He further goes on to say that incompetent managers will be replaces. b) The quality of corporate governance also impacts on the organisations ability to attract low cost capital. Effective corporation lower cost of capital by instilling confidence that the investors resources will be put to good use as per the original intention. Managers should therefore be empowered to make strategies and decisions that align the organisation to the changes in the environment. Mohamed (2004) observes that when ownership is separated from control, managers tend to irresponsibly pursue overly risky or imprudent projects.
10

He therefore asserts that there should be guidelines, rules and regulations in place that assist management and also protect the providers of capital. He lists such measures as: (i) The monitoring of management by an independent body (ii) There should be transparency about performance, ownership and control of an organisation. (iii) Shareholders views should be incorporated in the decision making of fundamental issues. c) The ability to meet the expectations of society Mohamed (2004) observes that corporation that seek to maximise profits at the expense of societal expectations and environmental issues are most likely going to fail. He also goes on to suggest that for long term success, corporation must comply with the laws and regulations thus contributing to the civil society. d) Overall performance Effective corporate governance hold boards and managers accountable for the management of the organisational assets. Mohamed (2004) notes that the factors listed above should lead to improved corporate performance and reduced corruption in the organisation. Effective corporate government discourages corrupt practices to take root in the company.

PRINCIPLES OF CORPORATE GOVERNANCE According to Tarantino (2008) there are generally accepted principles of corporate governance which have been widely accepted over time. a) Rights & Fair Treatment of Shareholders According to Tarantino (2008), organisations should respect the rights and concerns of the shareholders. Mohamed (2004) states that corporate governance should assist in protecting the rights of all shareholders. These rights include the right to participate in important decisions of the organisation such as the election of directors, or mergers or acquisition decisions. There should be laws, procedures regulations and practices that protect both the ownership and property rights of shareholders as well as the right to transfer their shares. Good corporate governance should ensure that all shareholders, both local and foreign, major and minority shareholders, have the opportunity to seek redress in cases of violation of rights. Mohamed (2004) explains that there should be laws that protect the rights of minority shareholders from misappropriation of assets by management or abuse by the major shareholders.
11

b) The Roles and Responsibilities of the Board of Directors The board of directors should be comprised of skilled and focused members with a different array of expertise and experience. According to Tarantino (2008) there should be a healthy mix of both the executive and non-executive directors who both should have strong credentials to lead the organisation. He suggests that the posts of the Chief Executive Officer and the board Chairman should not be held by one person. According to Mohamed (2004), directors have the responsibility to ensure that the corporate they lead abide by the rules and regulations of the countries they operate in. He notes that where these regulations advocate for minimal expectations, corporations should be encouraged to act responsibly and ethically. Corporates are expected to go beyond the legal requirements by providing for health care or environmental friendly technologies. There are practices which are not illegal but undesirable which corporates should avoid. c) Ethics and Professional Behaviour Tarantino (2008) suggests that corporates should go beyond formulating a code of ethics to ensuring that a culture of compliance to the ethics is implemented. The board should set the ethics culture of the organisation and they should reinforce this by actions on the ground. d) Transparency and Disclosure According to Tarantino (2008) companies should have strong and well document processes and internal controls that assist in providing transparent financial reports. Mohamed (2004) advocates for the use of internationally accepted accounting standards which insist on full disclosures to be made and hence assist users of the financial reports to make well informed decisions as well as draw comparisons with other companies on financial performance. Mohamed (2004) also state that good corporate governance dictates that timely and accurate disclosures be made on all material matters affecting the organisation and its operations. This includes its financial status material risk exposure, performance, ownership and governance of the company.

12

Both authors highlight the importance of independent audits which are conducted at least annually. Internal and external auditors should be qualified and strong enough to provide frank audit reports. Tarantino (2008) also advocates for the use of whistle-blowers to assist in unearthing fraud or errors in financial reports. e) Internal Controls Tarantino (2008) draws attention to the relationship between internal controls and corporate governance. He sights that internal controls are important components to all facets necessary in improving corporate governance. He notes that controls which impact on financial reporting is included in corporate governance.

CORPORATE GOVERNANCE MODELS According to Tarantino (2005) the three corporate governance models, these being:a) The Anglo-American model b) The Coordinated model c) The Family-Owned Company model He notes that the Anglo American model gives priority to the interest of shareholders. This is turn translates into strong pressure to grow profitability, be competitive and innovative. This model places more interest in the shareholders and less emphasis on the interest of management, employees, customers, suppliers, and the community. The model is centred on a powerful Chief Executive and a hands-off shareholder relationship, with the board providing stewardship. Tarantino (2005) notes that the U.S.A scandals in the 1990s extended the boards responsibility beyond the traditional stewardship role. The coordinated model on the other hand places its emphasis on the interest of management, employees, customers, suppliers and the community in general. The shareholders consent or comply passively or without protest. Tarantino (2005) notes that this model results in an incremental growth in profits and innovation. The growth in profits is slower. This model leads to less corporate failure in the areas of ethics and morality. This model is more prevalent in Europe and Japan. The family-owned company model is more prevalent in Asia and Latin America. This model is centred on powerful families who at times control a majority of public companies. Transparency is generally viewed as giving away financial and strategic information to the competition and regulators.

13

According to the King III Report on governance for South Africa. The code of Governance principles for South Africa (2009) the corporate governance philosophy revolves around three aspects a) Leadership b) Sustainability c) Corporate Citizenship The report identifies effective leadership as an essential component of corporate governance. This leadership should be characterised by ethical values of responsibility, accountability, fairness and transparency. The report also highlights the importance of the interconnectivity of business society and nature in order to achieve sustainability of the organisation in the operating environment. Companies are separate legal persons who should operate in a sustainable manner. The King III report applies to all entities whether in the private, public or non-profit sectors. The principles and the code should be applied to all the entities. According to the report there are principles that form best practice guidelines. These standards of governance, although not legislated, might render the board or director liable at law. Ethical Leadership and Corporate Citizenship There are several principles that report list under ethical leadership and corporate citizenship. The report states that the board should provide effective leadership based on an ethical foundation. Effective leadership should be guided by the principles of fairness, accountability, ethical values and transparency. The board should ensure that the organisation is and is perceived to be a responsible corporate citizen. The board should consider the impact of the organisation and its operations on the society and its environs. The operations should be guided by the Constitution and Bill of Rights and embark on measurable corporate citizenship programmes. This includes the adoption of economic, social and environmental issues in the business strategy of the organisation. The King III notes that the board should ensure that the companys ethics are managed effectively. The board should build a sustainable ethical culture both on the formal and informal sector. The organisations ethics performance should be reported and disclosed. Rewards should be given as recognition of the implementation and adherence to the code of conduct and ethics.

14

Boards and Directors The King III suggests that the board should act as the focal point for and custodian of corporate governance. This includes the adoption of a board, the number of times it should meet annually, its relationship with management, and other stakeholders. The board should also appreciate that the organisational strategy, risk, performance and sustainability are components of the business that are inseparable. This means that the organisational strategy should be aligned to the risk profile of the organisation whilst satisfying the interests and expectations of stakeholders in the same process. The King III rightly points out that the board should provide effective leadership with the code of conduct and ethics being the foundation binding the behaviour of the board. The board should act in the best interest of the organisation. Directors should disclose their interest should there be a conflict of interest. They must act and abide by legal standards of conduct. The King III also advocates for an independent audit committee which ensures that integrity of financial reports and internal controls. The report recommends an independent audit committee which fulfils transparency, a vital aspect of corporate governance. An Audit Committee assist in the identification and management of risk. The audit committee composition, purpose and terms of reference must be approved by the board. The report also suggests that the audit report should meet with the internal and external auditors in the absence of management, at least once a year. The report also recommends that the audit committee members should be suitably skilled and experienced independent non-executive directors. This committee should be chaired by an independent non-executive director. For transparency sake, the board chairman should not chair the audit committee nor be its member. According to the King III report, the audit committee should oversee and have regard to all factors and risks that may impact on the integrity of the integrated report whilst also ensuring that a combined assurance model is applied to provide a coordinated approach to all activities relating to assurance. The combined processes are aimed at maximising control efficiencies. The combined assurance should be appropriate in addressing all significant risk the organisation might face.

15

The report also advises that the audit committee should be satisfied that finance function is manned by appropriate expertise, with the requisite experience and resources. An annual review should therefore be taken and the necessary disclosures made in the integrated report. The audit committee should oversee the internal audit function and approve the internal audit plan. The audit function should in turn be subject to an independent quality review. The audit committee should also have oversight over the following: Financial report risks Internal financial controls Fraud in relation to financial reporting I.T. risk in relation to financial reporting

It should also recommend to the board, the appointment of external auditors. The committee must approve the terms of reference of the external auditors, their engagement and remuneration. It is also the duty of the audit committee to report to the board and the shareholders on how it has discharged its mandate. Governance of Risk The King III report places the responsibility of risk management squarely in the hands of the board. The board should formulate the risk policy and plan for a system and process of risk management. The boards risk management policy document should be disseminated throughout the organisation, and the board should review the implementation of this policy at least once per year. The report also advocates that the board should determine the risk tolerance of the organisation. This should be reviewed annually to ensure that the organisation is operating with in the risk tolerance and appetite levels. The board can appoint a risk committee or place its risk management responsibilities to the audit committee. It is the responsibility of that committee to consider the risk management policy and plan and monitor the risk management process of the organisation. This committee should convene at least once year. The implementation of the risk management policy should be delegated to management. Management should in turn design, implement and monitor the risk management plan. Risk assessments should be performed on a continual basis, through a systematic, properly documented and formalised risk assessment method. The formal framework and methodology should increase the probability of anticipating unpredictable risk.
16

Risk Management Crouhy et al (2006) highlighted that the future is fraught with uncertainties. They noted that impossibilities of successfully predicting the outcomes of interest rates, stock market prices or exchange rates. Despite this difficulty, the need to manage these uncertainties cannot be over emphasized. They asserted the new ability to be able to identify risk, measure it, appreciate the consequences and take the necessary action so as to either transfer the risk or mitigate it. This sequence of events was illustrated clearly and diagrammatically. The Risk Management Process
Identify Risk Exposures

Measure and Estimate Risk Exposure

Find Instruments and facilities to shift or trade risks

Assess Effects of Exposure

Assets Costs and Benefits of Instruments

Form a Risk Mitigation Strategy Avoid Transfer Mitigate Keep

Evaluate Performance

Source: Crouhy et al (2006)

17

Though this sequence is simple and formal, Crouhy et al (2006) noted that it rarely runs smoothly in practice. They argued that sometimes the identification of risk may pose a major challenge to one risk manager whilst the ability to transfer of risk might be the defining aspect that makes one risk manager better than the other. According to the Standard ISO31000 Risk management Principles and guidelines on implementation, risk management is the systematic application of management policies, procedures and practices to the task of analysing, evaluation and controlling of risk. Head (2009) brings into his definition management aspects by stating that risk management is a process of planning, organising, directing and controlling resources. This process is in order to achieve given objectives when there is a possibility of surprisingly good or bad events. He notes that the risk management process comprises of the following basic steps:1. 2. 3. 4. Evaluating loss exposures Appraising the feasibility of alternative risk management techniques Establishing a risk management program Adapting to change.

According to the Risk Management Standard (2002), risk management protects and adds value to an organisation through the following:1. Supporting the organisations objectives by ensuring that future activities take place in a consistent and controlled manner. 2. Better insight in formulating well informed decisions, planning and prioritisation through comprehensive and structured understanding of business activities, volatility and project opportunity/threat. 3. More efficient allocation and use of resources within the organisation. 4. Ensuring that there is reduced volatility in non-essential areas of the organisation. 5. The protection and enhancing of the assets of the organisation as well as protecting its image and reputation. 6. Developing and supporting people and the organisations knowledge base. 7. Optimising operational efficiency.

18