Risk - PowerPoint PPT Presentation

Slides: 34
Provided by: Collegeo180
Learn more at: http://www.sba.pdx.edu

Transcript and Presenter's Notes

Title: Risk

  • General Definition: exposure to the chance of
    adverse effects or loss; a hazard or dangerous
    chance
  • Examples of risks to a company
  • Erroneous Financial Statements
  • Loss of money
  • Incorrect shipments
  • Damage to reputation/brand

  • Components of risk?
  • Threat
  • Likelihood
  • Exposure

  • General Definition: process of exercising a
    restraining or guiding influence over the
    activities of an object, organism, or system
  • Examples of controls in a company
  • Authorization of Journal entries
  • Bank account reconciliation
  • Use customer P.O. as pick list
  • Product quality reviews/analysis

Objective of Internal Controls
  • To reduce the likelihood that a threat will come to
    pass and result in an unacceptable loss to the
    organization. (Mitigate risk)
  • NOTE: The objective of Internal Controls
    incorporates the risk components.

How to achieve IC objective?
  • Identify risks inherent in company, industry,
  • Use risk components to assess the qualitative
    and/or quantitative value of risks identified
  • Determine Management's risk appetite
  • Identify and evaluate existing internal controls
  • Answer the question: Do the existing internal
    controls mitigate the identified risk to the
    level management is comfortable with?

External Reporting Internal Controls
  • Established to provide reasonable assurance that
    financial information is
  • Prepared in accordance with GAAP
  • Not materially misstated
  • A fair representation of the activity of the
  • Supported by appropriate source documents and
  • NOTE: Sarbanes-Oxley Act's main purview

Internal controls
  • Based on the risk assessment and risk appetite
    determinations, a company can establish an
    appropriate internal control structure for their

Internal Control philosophy
  • Controls permeate, not dominate
  • Controls are everybody's, not just the
  • Controls are part of the operation
  • Controls are built into the system

  • Compensating controls-
  • Key controls-
  • Entity level controls-

IC Factors to Consider
  • Pressures against adequate IC
  • Lack of manpower
  • Cost (actual or perceived)
  • Reduction to productivity
  • Restriction to flexibility
  • Time constraints

Practicality and Internal Controls
  • Constant weighing of the risk associated with a
    process and the cost of implementing ideal
    controls. Remember theory and practice may not
    always coincide.
  • A less than ideal control can be appropriate
    depending on the company's business, management's
    risk threshold and compensating controls.

Types of Controls
  • Preventive: catches a problem before it occurs
    (high risk level)
  • Detective: catches an issue after the fact (high
    to medium risk level)
  • Monitoring: catches an item after the fact,
    usually only at a high level (i.e. large dollar
    amount, percentage change, etc.) (low risk level)
  • Examples?

Internal Control Systems (i.e. structure/
  • Internal control structure
  • The methods a business uses to -
  • safeguard assets
  • provide accurate, reliable information
  • comply with applicable laws and regulation (i.e.
    OSHA, FDA, GAAP, etc.)
  • promote and improve operational efficiency
  • encourage adherence to prescribed managerial
  • Basically, the internal controls put in place to
    mitigate the company's risks

COSO Internal Control Framework?
  • Guidelines developed by the professional
    organizations most directly involved
  • Recognized standard by the industry, including
    Sarbanes-Oxley regulations

COSO Internal Control Framework
  • Considers internal controls a process
  • effected by an entity's board of directors,
    management and other personnel
  • which provides reasonable assurance of achieving
    management's objectives in the following
  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations

5 Components of COSO IC Model
  • Control environment
  • -tone at the top
  • Risk assessment
  • -identification and analysis of risks
  • Control activities
  • -policies and procedures
  • Information and communication
  • -processing info for people to do their jobs
  • Monitoring
  • -assess quality of internal control over time

Enterprise Risk Management Model
  • ERM is a process,
  • effected by an entity's board of directors,
    management and other personnel,
  • Applied in strategy setting and across the
    enterprise, designed to identify potential events
    that may affect the entity, and manage risk to be
    within its risk appetite, to provide reasonable
    assurance regarding the achievement of entity
  • Moves from emphasis on risks relating to
    financial reporting and compliance to emphasis on
    ALL risks of the business
  • -examples?

ERM Framework vs. COSO Framework
  • ERM incorporates COSO IC Framework, not a
  • Adds three additional elements
  • Objective Setting
  • Event Identification
  • Risk Response
  • ERM recognizes that risks can be accepted,
    avoided, diversified, shared or transferred as
    well as being controlled.
  • COSO focuses on past problems and concerns. The
    ERM framework takes a risk-based, rather than
    controls-based, approach to the organization,
    oriented toward future and constant change.

The Internal (control) Environment
  • Commitment to integrity and ethics
  • Management's philosophy and style
  • Organizational structure
  • Audit committee and the board (function)
  • Methods of assigning responsibility
  • Human resources policies and practices
  • External influences

Internal Control Environment
  • BOD needs to be active and involved
  • Necessary check and balance with management if
    they ask questions, scrutinize financials,
    oversee policy decisions/changes
  • Audit committee should exist (SOX requirement)

Objective Setting
  • Top management, with board approval, must
    articulate why the company exists and what it
    hopes to achieve (the corporate vision or
  • The objectives need to be easy to understand and
    measure, prioritized, and aligned with the
    company's risk appetite.
  • For each set of objectives, critical success
    factors must be defined and performance measures
    should be established.

  • Business threats (economic, environmental,
    social, political)
  • Internal or external
  • Occurs at wrong time, wrong sequence, wrong
    actors, wrong place
  • Information threats
  • Recording/Processing/Reporting
  • Tools for identifying

Risk Assessment - COSO
  • Determine threats to the company
  • Estimate probability of threat occurring
  • Estimate exposure from each threat
  • Identify set of controls to guard against threat
  • Estimate costs and benefits of implementing
  • Evaluate whether to put controls in place
  • Implement controls (including training)
  • Monitor

Risk Assessment - ERM
  • Objective setting
  • What does the enterprise wish to do?
  • Event identification
  • What could go wrong?
  • Risk assessment
  • Likelihood of event, exposure, cost/benefit?
  • Risk response
  • Avoid, reduce, share, accept

Risk Assessment Response
  • Calculate expected loss
  • Determine costs of controls
  • Benefit reduction in expected loss
  • Consider special reasons for investing in control
    even when cost > benefit
  • Risk appetite
  • Avoid, accept, share, reduce
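The steps on this slide, together with the risk components from the opening slides (threat, likelihood, exposure), can be carried through as a small quantitative model. The following is an added example, not material from the presentation: it computes expected loss as likelihood times exposure, takes the benefit of a control as the reduction in expected loss, compares that benefit with the control's cost, honours a "special reason" (a mandated control) even when cost exceeds benefit, and checks the residual against a risk appetite to choose between reduce, accept and share/avoid. The threat and control names are the slides' own examples; every probability, dollar amount and the $5,000 appetite are constructed figures, and the Threat/Control types and function names are this example's, not the course's.

```python
from dataclasses import dataclass

# Added example (not from the slides): a small quantitative model of the
# "Risk Assessment Response" steps. All dollar figures and probabilities
# below are constructed for illustration.


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float  # probability the threat occurs in a year (0.0 to 1.0)
    exposure: float    # loss, in dollars, if it does occur


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float          # cost of operating the control per year
    residual_likelihood: float  # likelihood that remains once the control is in place
    residual_exposure: float    # exposure that remains once the control is in place
    mandated: bool = False      # a "special reason" (e.g. a regulatory requirement)


def expected_loss(likelihood: float, exposure: float) -> float:
    """Expected annual loss: the risk components likelihood and exposure combined."""
    return likelihood * exposure


def control_benefit(threat: Threat, control: Control) -> float:
    """Benefit of a control is the reduction in expected loss it produces."""
    inherent = expected_loss(threat.likelihood, threat.exposure)
    residual = expected_loss(control.residual_likelihood, control.residual_exposure)
    return inherent - residual


def recommend(threat: Threat, control: Control, risk_appetite: float) -> dict:
    """Pick a risk response (reduce / accept / share or avoid) for one threat.

    risk_appetite is the largest expected annual loss management will carry
    for a single threat without further action (an assumed policy value).
    """
    inherent = expected_loss(threat.likelihood, threat.exposure)
    residual = expected_loss(control.residual_likelihood, control.residual_exposure)
    benefit = inherent - residual

    if control.mandated or benefit > control.annual_cost:
        # Cost-justified (or required regardless of cost): reduce the risk.
        response = "reduce"
        # The control alone may still leave more risk than management accepts.
        if residual > risk_appetite:
            response = "reduce, then share or avoid"
    elif inherent <= risk_appetite:
        # Not worth paying for, and already inside the appetite: accept it.
        response = "accept"
    else:
        # Not worth paying for, yet above appetite: insurance, outsourcing or
        # exiting the activity are the remaining options.
        response = "share or avoid"

    return {
        "threat": threat.name,
        "control": control.name,
        "inherent_expected_loss": round(inherent, 2),
        "residual_expected_loss": round(residual, 2),
        "control_cost": control.annual_cost,
        "benefit": round(benefit, 2),
        "cost_justified": benefit > control.annual_cost,
        "response": response,
    }


# Constructed scenario using the slides' own example risks and controls.
RISK_APPETITE = 5_000.0  # assumed: $5,000 expected annual loss per threat

SCENARIO = [
    (Threat("Incorrect shipments", 0.40, 50_000),
     Control("Use customer P.O. as pick list", 3_000, 0.05, 50_000)),
    (Threat("Loss of money", 0.02, 200_000),
     Control("Bank account reconciliation", 6_000, 0.005, 200_000)),
    (Threat("Erroneous financial statements", 0.10, 300_000),
     Control("Authorization of journal entries", 8_000, 0.03, 300_000)),
]


def assess(scenario=SCENARIO, risk_appetite=RISK_APPETITE) -> list:
    """Run the response decision over every (threat, control) pair."""
    return [recommend(t, c, risk_appetite) for t, c in scenario]


if __name__ == "__main__":
    for row in assess():
        print(f"{row['threat']:<32} EL ${row['inherent_expected_loss']:>9,.0f}"
              f" -> ${row['residual_expected_loss']:>8,.0f}  {row['response']}")
```

With the constructed figures, the pick-list control pays for itself many times over and brings the residual inside the appetite; bank reconciliation costs more than it saves on this threat, so the risk is accepted unless the control is mandated, in which case it is implemented anyway; and journal-entry authorization is worth its cost but still leaves a residual above the appetite, so the model flags that a further response (sharing or avoiding) is needed on top of the control.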

Control Activities
  • Authorization of transactions
  • Segregation of incompatible duties
  • Independent checks on performance
  • Safeguarding assets and information
  • Design and use of adequate records
  • Management and review of activities

Communication and information
  • AIS objectives related to communication
  • Record all, valid transactions
  • Classify
  • Valuation
  • Periodicity
  • Presentation and disclosure
  • Risks?

  • Effective supervision, including for upper mgmt
    (i.e. BOD, Audit Committee, etc.)
  • Responsibility accounting
  • Internal auditing/SOX
  • Fraud controls (i.e. rotation of duties,
    mandatory continuous 1 week vacations, etc.)
  • Modifications management
  • Edit reports
  • Whistleblower system (SOX requirement)

Modifications (Change Management)
  • Risks and controls are not static. Neither is the
    environment in which they operate. An effective
    internal control structure requires monitoring of
    changes for potential
  • Events to monitor
  • Turnover
  • Control deficiency
  • IT system upgrade/replacement
  • Department restructuring

Overall IC considerations
  • Means to an end, standard controls are a
    guideline only
  • System - with goals, interrelated components
  • Managements responsibility
  • Requires competence, honesty, ethical behavior
  • Reasonable assurance, not perfection
  • Cost-benefit
  • Controls need context the company, what it
    stands for, what level of risk management is
    willing to tolerate, industry risks involved, etc.

IC Fact
  • People are key to the success of any Internal
    Control Framework.
  • An effective internal control system design will
    fail without
  • Support from management (tone from the top)
  • Effective communication to employees (policies,
    procedures and training)
  • Monitoring including an active and involved BOD
    and Audit Committee

Chapter 6 Problems
  • Problem 6.8