AIS Ch 3
Internal Controls

Risk

Understanding Risk

Can affect businesses' bottom line

Risk professionals

Risk professionals organize the risks involved in running the company to make better use of historical and forecasted information. Different structures probably allow for specialization of risk management, depending on the industry/activity of the organization.

Risk structure

taxonomy = organizational structure for knowledge

Hollander, Denna, & Cherrington
Risk Taxonomy

-strategic risk
-decision risk
-operating risk
-financial risk
-information risk

Brown's Risk Taxonomy

Hazard Risk

-directors' and officers' liability (idiocy on the executive level)

Strategic Risk

Concerned with executive & director behavior
-legal/regulatory risk (breaking laws, failing to comply with regs)
-business strategy risk (poor decision making)

Operational Risk

-systems risk (IT)
-human error

Financial Risk

-market risk (stock prices, investment values, interest)
-credit risk (nonpayment)
-liquidity risk (too much $$ tied up in long-term assets)

Other risk taxonomies

Methods

-adequate documentation (changing rapidly in an increasingly paperless atmosphere)
-backup of electronic files
-bank rec
-document matching
-edit checks
-insurance & bonding
-limit checks
-physical security
-preformatted data entry interface
-separation of duties
-many others

Professional associations
COSO

Integrated framework

-control environment (executive support)
-control activities (preventive, detective, corrective)
-risk assessment
-monitoring (ongoing assessment of IC performance)
-information and communication

Makeup

-Financial Executives Institute
-Institute of Internal Auditors
-Institute of Management Accountants
-American Institute of CPAs
-American Accounting Association

Internal Control
Introduction

Purposes

1. safeguard assets
2. ensure reliability of financial stmts
3. ensure operating efficiency
4. ensure compliance with mgmt's directives

Definition and elements

Internal Control:
-is a process, subject to improvements and analysis
-involves members of the organization and must take into consideration effects of behavior on the execution of the process as well as effects of the process on behavior
-cannot provide absolute assurances, but with ongoing analysis and improvements, can reasonably assess situations
-operates over a variety of departments and processes

Development

SOX

SARBANES-OXLEY ACT (2002)
Enacted in response to wave of financial fraud in 1980s-90s. Makes mgmt accountable for assessing and maintaining internal controls.

FCPA

FOREIGN CORRUPT PRACTICES ACT (1977)
Addresses issue of bribery and other illegal (in the U.S.) activities by requiring multinational organizations to implement sound internal controls.