CONTROL, GOVERNANCE,
and RISKS MANAGEMENT
3. CONTROL ACTIVITIES
• Control activities are the policies and procedures that help
ensure that management directives are executed and that actions
are taken to address risks affecting the achievement of objectives.
• Elements of control activities
• "Policy" establishing what should be done; and
• "Procedures" to effect the policy
COMPONENTS OF CONTROL
• AS TO NATURE:
1. Financial or accounting controls
2. Administrative controls
CHARACTERISTICS OF
EFFECTIVE CONTROL
1. Economical
2. Meaningful
3. Appropriate
4. Congruent
5. Timely
6. Simple
7. Operational
CORPORATE GOVERNANCE
• Governance is defined in different ways. By one definition,
"governance" is the combination of processes and
structures implemented by the board to inform, direct,
manage, and monitor the activities of the organization
performed to achieve objectives.
• "Governance" is also defined as the process conducted by
the board of directors to authorize, direct, and oversee
management toward the achievement of the organization's
objectives.
Key points regarding Governance
should be noted:
1. Governance begins with the board of directors and its
committees.
2. The board must understand and focus on the needs of key
stakeholders.
• Types of stakeholders:
• Direct stakeholders
• Indirect stakeholders
• Influencing stakeholders
3. Day-to-day governance is executed by management of the
organization.
4. Internal and external auditors provide management and the
board with assurances regarding the effectiveness of
governance activities.
ROLE OF INTERNAL AUDIT
ACTIVITY
• Promoting appropriate ethics and values within the
organization
• Ensuring effective organizational performance management
and accountability
• Communicating risk and control information to appropriate
areas of the organization
• Coordinating the activities of and communicating
information among the board, external and internal auditors,
and management
DETAILED RESPONSIBILITIES
OF THE AUDIT COMMITTEE
• 1. Ensuring that financial statements are understandable, transparent, and
reliable.
• 2. Ensuring the risk management process is comprehensive and ongoing,
rather than partial and periodic.
• 3. Helping achieve an organization-wide commitment to strong and
effective internal controls, emanating from the tone at the top.
• 4. Reviewing corporate policies relating to compliance with laws and
regulations, ethics, conflicts of interest, and the investigation of
misconduct and fraud.
• 5. Reviewing current and pending corporate-governance-related litigation
or regulatory proceedings to which the organization is a party.
• 6. Continually communicating with senior management regarding status,
progress, and new developments, as well as problematic areas.
• 7. Ensuring the internal auditors' access to the audit committee,
encouraging communication beyond scheduled committee meetings.
• 8. Reviewing internal audit plans, reports, and significant findings.
• 9. Establishing a direct reporting relationship with the external auditors.
ENTERPRISE RISK
MANAGEMENT (ERM)
• ERM helps align the risk appetite of the organization with
its strategy, enhances risk response decisions, reduces
operational surprises and losses, identifies and manages
cross-enterprise risks, provides integrated responses to
multiple risks, helps the organization seize opportunities,
and improves the deployment of capital.
Key points that must be understood for
a better understanding and
appreciation of ERM:
• 1. Internal Environment
• 2. Objective Setting
• 3. Event identification
• 4. Risk assessment
• 5. Risk response
• 6. Control Activities
• 7. Information and Communication
LIMITATIONS OF ERM
• A) Risk relates to the future which is uncertain.
• B) ERM provides information about risks to achieving
objectives, but it cannot provide even reasonable assurance that
objectives will be achieved; and
• C) ERM cannot provide absolute assurance with respect to any
of the objective categories. Specific limitations include the
following:
• The effectiveness of ERM is subject to the limitations of the
ability of humans to make judgments about risk and impact.
• Well-designed ERM can break down.
• Collusion among two or more individuals can result in ERM
failures.
• ERM systems can never be perfect due to cost-benefit
constraints.
• ERM is subject to management override.