Risk Management & Corporate Governance

Is Risk Management a Corporate Governance issue?

Board is responsible for protection of company assets.
Board must work to improve shareholders' value, which is not possible without taking some risks.
Not taking risks may be the biggest risk.

What is Risk?
Risk arises from uncertainty, but not all uncertainties carry risk.
Possibility of an unfavorable outcome of an uncertainty is risk.

Why take risks?

Because you have to.
Because it brings rewards.

Risk Management Process

Risk Identification
Risk Assessment
Selection of risk management techniques


Risk Identification
Risk profile of a company
Formal listing of all potential risks.
External professional help

Risk is inevitable; however unfavorable consequences of risk can be controlled.

Classification of Risk
Production risk
Risk of inputs
Risk of outputs

Environmental risk
Political risk
Economic conditions risk

Risk Assessment
Having listed all the potential risks, ask:
How likely is it for any of these risks to actually materialize?
What is the maximum possible loss that can arise from each of the listed situations?
Can you stand that loss?

Risk Management Techniques

Risk avoidance
Loss prevention and control

Internal controls

Internal Control
All that a company does internally to protect its assets, ensure the proper conduct of its affairs and accuracy of its records.
Risk management is not just part of protecting the assets of a company, it is an essential feature of proper conduct of its affairs.

Objectives of Internal Control

That the company pays only what should be paid out
That all incomes, expenses, assets and liabilities are properly recorded
That the assets of the company are protected
That the company's records are reliable


Tools of Internal Control

Defined Procedures

Physical (cash in safe, maintenance)
Managerial (e.g. budgets, limits, approvals, etc.)
Supervision Checks

Selection of right personnel


Setting Internal Controls

Document all procedures
Train the staff
Ensure that the procedures are being



Designing Procedures
Nature of work.
Extent of risk.
Cost of procedure.

Facilitate work, not hamper it.

Compliance with laws, regulations
Promote efficiency culture

Immediate notice of exceptions


Monitoring Internal Controls

The system should generate reports.
Frequency of reports
Adequacy of reports
Regular review of reports and action


Follow up.
Investigation of major lapses


Internal Audit
Includes checking, analyses, appraisals, recommendations, advice and information.
Regular or Need based.


The internal auditor

Detects errors and frauds
Helps management correct errors and minimize impact of frauds
Helps improve controls.


Advantages of Internal Audit

Keeps workers alert
Timely detection of errors & frauds
Enhances reliability of accounting and supporting records
Reduces external audit work


Types of Internal Audits

Regular, continuous internal audit
Need based investigation
Pre-disbursement and post-payment



Risk Management Reporting

Audit Committee's Report
Board's Statement on Internal Controls


Audit Committee's Report

List significant risks; how they are being identified, assessed and managed.
Report on effectiveness of the systems put in place to manage these risks
List of actions being taken to remedy significant weaknesses
Comment on need for greater monitoring of procedures

Board's Statement on Internal Control

Essentially it is about status of internal controls, e.g.
There is an ongoing process for identifying, evaluating and managing significant risks.
It is being regularly reviewed by the Board.
It is in accordance with Turnbull Guidance


Turnbull Report
Risk Assessment
Control Environment
Control Activities

Information and Communication



Risk Assessment
Clear objectives, clearly communicated to all concerned.
Significant risks assessed regularly
Market risks
Credit and liquidity risks
Reputational risks, legal risks


Control Environment and Activities

Who controls? Are they independent?
Are controls/ authority/ responsibility/ accountability defined?
Does company culture permit controls?
Demonstration of will to control
Communication to all concerned
How are adjustments made when needed?


Information & Communication

Frequency and adequacy of reports generated by internal control system.
Who receives what report at what intervals?
How reliable are these reports?
What checks are in place to ensure reliability of these reports?




