cgma - risk questions print
TRANSCRIPT
-
7/27/2019 CGMA - Risk Questions Print
1/14
Risk questions
a CGMA should ask relating
to process innovation
CGMA
tools
-
7/27/2019 CGMA - Risk Questions Print
2/14
Risk questions a CGMA hld a rlag prc va2
tw wr m prg accg b, AiCPA a CiMA, av rma j vr ab Carr Gba Maagm AccasM (CGMA)ga va a b rcg pr maagm accg.t raa ga rcg m a a cmm maagm
acca w cp a rv rg b prrmac. CGMAga r ar r CPA w ayg maagm accg xprcr aca r w mmbr Carr i Maagm Acca.
-
7/27/2019 CGMA - Risk Questions Print
3/14
Risk questions a CGMA hld a rlag prc va1
Risk questions A CGMA should AskRelAtinG to PRoCess innoVAtion
Innovation is widely regarded as an important driver o business value. Yet thedrivers are many and can be aected by global events, regional occurrences,industry specic regulations or unique corporate/organisational challenges.
Process innovation is about doing things a better way;
either through developing new processes and deliverymethods or nding radically dierent ways o doingbusiness. This can be as simple as redening a keystep within a manuacturing unction, or as complex
as a complete restructuring o the organisation.
Technology is oten the change trigger, an examplebeing the game-changing eect o e-commerce upon
book and music retail.
There is no doubt that innovation is exciting and has
great potential or increasing competitive advantage but as CGMAs we need to understand both sides othe story. What are the key risks that a new processbrings to your organisation? How can YOU achieve
the greatest eciency benet while at the same timeensuring that you have addressed the related risk
actors? This paper sets out a ramework or CGMAsto work through, identiying the key questions that will
enable your organisation to establish a risk appropriatelevel o innovation.
An organisations tolerance or risk, as dened by
COSO1 is:
...the acceptable level o variation in perormancerelative to the achievement o objectives.
Setting tolerance levels in support o strategic
objectives is:
...a precondition or determining risk response andrelated control activities.
This includes ocusing the objectives in the areas ooperations, external nancial reporting, external non-
nancial reporting, internal reporting and compliance.
How can we encourage the building o value throughinnovation, while managing the associated risk?
Although risk is a subjective area, heavily infuencedby organisational risk appetite and culture, theollowing approach will help CGMAs map risk and
identiy broad risk response areas. A more specicresponse can then be developed using internalknowledge.
Risk category Examples
Operational risks relating to the activities carried outwithin an organisation. May include systems, people,
products and processes.
Business interruption during implementation Human error
Process design ailure
Financial risks can sometimes be outside anorganisations control, but can oten be infuencedby its actions.
Th t o xhg t ttio ooverseas operations
Hvig iit h to t obigtio
Environmental risks arising rom changes in the political,economic, social and nancial environment. Includesstrategic risk.
Game-changing competitor innovation Natural disaster aecting supply chain Poorly inormed senior management decisions
Organisational risks relating to the behaviour oindividuals and groups within the business.
Failure to consider the impact o process changeupon sta
Reputational risks aecting the way in which theorganisation is viewed by its stakeholders.
Unoreseen operational issues leading to losso customers and market share
-
7/27/2019 CGMA - Risk Questions Print
4/14
Risk questions a CGMA hld a rlag prc va2
The rst step is to identiy the risks that can be
addressed through innovation. One approach to thisis through environmental analysis, which essentiallyasks the question whats going on?, both nowand in the uture. The discussions that have been
occurring within your organisation, whether asaterthoughts rom a meeting, in the boardroom, orormalised as strategic teams, are already dening
whats going on. From this, innovative responsescan be developed.
What industry are we in?*
What has changed in the industry were in?
What has changed within our organisation/
department/etc.?
What are we doing to keep up with the change?Is our approach proactive or reactive?
What are our competitors doing?
How has what weve addressed thus ar impactedoutcomes?
Which new products have we/our competitorsdeveloped or produced within the past year?
What new processes have we/our competitorsimplemented or ceased within the past year?
It is essential that this scanning process is carried outon a regular basis, to monitor or new risks arisingand changes to existing risks.
A guidance paper on risk appetite and tolerance can be ound at
http://www.theirm.org/publications/documents/IRMRiskAppetiteFullweb.pdf
For the latest news and views on risk and
innovation, visit the CGMA risk spotlight:
http://www.cgma.org/Resources/Pages/
risk-and-innovation.aspx
*What industry are we in?
On the ace o it, the answer to this question
may seem obvious. However, long-established
rms have allen victim to bankruptcy as a
direct result o not understanding wider industry
boi. Th hotoghi ti
company Kodak, developed one o the rstdigital cameras in 1975. Amid ears that the
new technology would cannibalise sales o
their core lm products, the camera was never
taken to market. Kodak missed out on an
enormous business development opportunity
through considering themselves to be in the
narrow photographic lm industry, rather than
a wider industry relating to image making and
storytelling.
http://www.theirm.org/publications/documents/IRMRiskAppetiteFullweb.pdfhttp://www.cgma.org/Resources/Pages/risk-and-innovation.aspxhttp://www.cgma.org/Resources/Pages/risk-and-innovation.aspxhttp://www.cgma.org/Resources/Pages/risk-and-innovation.aspxhttp://www.cgma.org/Resources/Pages/risk-and-innovation.aspxhttp://www.theirm.org/publications/documents/IRMRiskAppetiteFullweb.pdf -
7/27/2019 CGMA - Risk Questions Print
5/14
Risk questions a CGMA hld a rlag prc va3
The next stage is to understand the potential impact
o the risks related to our new process, and whatis at stake should the risk arise. I the impact issignicant, we need to ask the questions what doesthis mean for us? and what must we do?
What are the eects i implementation succeeds, orails?
How will we react to ailure? What is plan B?
I we succeed, is the change sustainable? I it is ashort-term x, what is the long-term plan?
How would the change impact our current businessmodel, strategies, etc.?
Do we need a NEW process, or can we adapt an
existing one or a similarly robust result?
Is the change best done internally or with a 3rd party?Which is more appropriate in terms o resources?
Can parts o process, etc. be implemented? Or can itbe implemented in phases?
Are the controls intended or this change already inexistence? Can we place reliance on something wealready have?
We also need to consider the resource implicat ions:what will it cost?
What existing resources do we have? (time,people, tools)
What are the costs and benets o managing thenew process?
What is the ultimate cost in time, resources, andmoney? Is this viable?
Can we control the associated risks withoutcompromising quality/strategy/reputation?
Finally, consider organisational tolerance or thisspecic risk, and how success and ailure will bemeasured.
There is more than one way o mapping risk; theCGMA tool How to communicate risks using a heat
map2 details one approach. In this example, wewill map and prioritise the risk using a likelihood/
consequences matrix and the TARA (Transer,Accept, Reduce, Abandon) risk response measures.
MEDIUM RISK: high impact, low probability
Transfer
HIGH RISK: high impact, high probability
Reduce/Abandon
MEDIUM RISK: low impact, high probability
Reduce/Accept
LOW RISK: low impact, low probability
Accept
Risk signicance can be judged by the
tiity o i, ho it i. Th ot
signicant risks are those capable o undermining
the strategy, long-term viability or reputation o
th ogitio. Th y i to itiy ti
i i th otxt o yo bi.
Impact o risk
Probability
ofoccurrence
-
7/27/2019 CGMA - Risk Questions Print
6/14
Risk questions a CGMA hld a rlag prc va4
tARA r rp mar:
Transfer: Can we transer all or part o the risk
elsewhere? The usual transer o risk is to take outan insurance policy, but risk can also be shared with
other parties, or example by outsourcing or settingup joint ventures.
Accept: Sometimes there is no option but to accept
the risk, particularly i the cost o managing orcontrolling the risk outweighs the benet. However,i a risk has been identied, contingency plans muststill be made. Business continuity plans are a good
example o this.
Reduce: Can we reduce the risk? Examples o risk
reduction techniques include the development ointernal control systems covering all nancial andnon-nancial activities. The COSO rameworkstates that internal controls consist o ve integrated
elements:
1. Control environment: management attitude and
philosophy regarding controls
2. Control procedures and activities: the actual
policies in place
3. Risk assessment: identiying controllable and
uncontrollable risks
4. Inormation: should be timely, accurate,understandable and relevant
5. Monitoring: in order to ensure the system isworking eciently
Remember that the answers to your quest ions maybe ound externally as well as internally. Ask your
ront line sta what customers are saying to them,and check your companys acebook, twitter andother social media accounts. Consider emergingproblem-solving trends such as crowdsourcing to
understand new ideas that may help you. In lookingoutside the organisation, youll be able to betteraddress and reduce your risks.
Abandon: In extreme cases, the only option may
be to leave the area o operations where the riskhas arisen, by closing down or divesting operations.From an innovation angle, this could mean choosingto discontinue development o a particular product,process or service.
The risk response can also be ormulated using amore visual approach, integrating risk questions and
TARA responses with a process map, as below. Thisincremental and iterative approach ensures that allacets o the risk are considered.
RISK PROCESS MAP #1
-
7/27/2019 CGMA - Risk Questions Print
7/14
Risk PRoCess MAP #1
IdenTIfIed rIsk
Whats going on?
Consider:
Internal environmentext viot
Organisational strategy
OperaTIOnal effecTs
A CGMA should also ask...What does that mean or us?
Consider:
exitig oAvailable resourcesImpact on strategy
d r avgfca mpac?
i rmaagab?
Accept the risk,
but monitor orchanges
Considerabandoning
the risk
n
n
Y
Y
Continue onnext page
-
7/27/2019 CGMA - Risk Questions Print
8/14
resOurce ImplIcaTIOns
A CGMA should also ask...What will it cost?
Consider:
Development costsOperational costs
Sta costs
pracTIcal cOnsIderaTIOns
A CGMA should also ask...What must we do?
Consider:
Risk toleranceRisk measurement
Risk response options
Cr w rar r rc
r
d c maagg r wg
bf?
Ar crrg a rab g
jy c?
n
n
Y
Y
Consider thebest way to
reduce the risk
Consider:
Strengthening controls
Alternative courseso action
Abandoning risk
Considerreducing costsby transerring
the risk
Implement newprocess, monitoringthe risk environment
-
7/27/2019 CGMA - Risk Questions Print
9/14
Risk questions a CGMA hld a rlag prc va7
This process map leads to a go/no go decision;
however it is important to recognise that riskmanagement does not stop once a decision has beenmade. Even i a choice has been made to accept therisk, it is essential to scan or new risks and changes
to existing risks and their controls, on a regularbasis.
The ollowing example uses the ctitious case oBadger Ltd. to illustrate how the process map maybe used in practice.
Badger Ltd. are a well established manuacturero widgets, and have historically perormed well
within an extremely competitive market with over20 national competitors producing broadly similarproducts. They are currently the market leader, with
a strong reputation or quality and customer service.
Badgers main competitor, Fox, has recentlyimplemented a new manuacturing technology on
their Widget2 production line, which has enabledthem to make signicant eciency savings and
eliminate waste. As a result Fox have been able toreduce the sales price o the Widget2 (a product alsosupplied by Badger) by 30%.
Badgers senior management team are concernedabout the potential long-term impact o this new
technology upon their market share, and have askedthe management accountant, a CGMA designationholder, to report upon this risk. The managementaccountant uses the process mapping tool to
identiy the key questions the management teammust address, as detailed below. This enables themanagement team to consider all risk areas beore
making their nal decision.
RISK PROCESS MAP #2
Skip Process Map
-
7/27/2019 CGMA - Risk Questions Print
10/14
Risk PRoCess MAP #2
IdenTIfIed rIsk
Whats going on?
What has changed in the industry were in?Our main competitor is using a new manuacturingtechnology that is more efcient than ours and is
reducing our proft margins substantially.
d r avgfca mpac?
Financial impact:HIGHTimescale: IMMEDIATE
i rmaagab?
WHaT are THeOperaTIOnal effecTs
What does that mean or us?
Which processes must we change in order to compete?What scale o implementation is needed?
What is the cost o implementing and maintaining new technology?
Accept the risk,but monitor or
changes
Considerabandoningthe risk by
discontinuingproduction o
Widget2
n
n
Y
Y
Continue onnext page
-
7/27/2019 CGMA - Risk Questions Print
11/14
WHaT are THe resOurce ImplIcaTIOns
What will it cost?
What are the development costs?
What are the machine related costs?How long will it take to make the required change?
What are the stang implications?What are the training costs?
What is the cost oNOT managing the risk?
WHaT are THe pracTIcalcOnsIderaTIOns?
What does this mean or us?What must we do?
What is our tolerance o this specic risk?How do we measure this risk?Wht xitig o i ?
Can we transer the risk?Can we reduce the risk?
Cr w rar r rc
r
d c maagg r wg
bf?
Ar cr
rg a rab g jy c?
n
n
Y
Y
Consider thebest way to
reduce the risk
Consider ways to
improve and strengthencontrols
Considerreducing costsby transerring
the risk
Begin detailed
scoping and planningor implementation onew technology
-
7/27/2019 CGMA - Risk Questions Print
12/14
Risk questions a CGMA hld a rlag prc va10
At the mid-point o the process map, the senior
management team must ocus upon how they mighttranser or reduce the risk. Having consideredall options, the management team eel thatoutsourcing production o the Widget2 is likely to
compromise quality. Attention is thereore switchedto reducing the risk, and it is decided that Badgermust implement similar, or better, manuacturing
processes than Fox to improve eciency, maintaincompetitive advantage and cut costs.
The risk management process does not stop once
a nal decision has been made; Badger mustcontinue to scan or and address risks throughoutthe implementation o the new technology.Common reasons or ailure o a new project revolve
around levels o commitment, co-ordination andcommunication across all stakeholders, and themanagement accountant has a key role to play in
helping the senior management team address theseissues and ensure that the implementation is asuccess.
Thi too h b vo t o wi g o o, whih yo o th
CGMA website. You may also nd the ollowing useul when ocusing upon inormed decision-making
in your organisation.
How to develop non-nancial KPIs
http://www.cgma.org/Resources/Tools/Pages/develop-non-nancial-kpis.aspx
How to turn data into decisions
http://www.cgma.org/Resources/Tools/Pages/turn-data-into-decisions.aspx
How to communicate risks using a heat map
http://www.cgma.org/Resources/Tools/Pages/communicate-risks-using-heatmap.aspx
How to evaluate enterprise risk management maturityhttp://www.cgma.org/Resources/Tools/Pages/evaluate-enterprise-risk-management.aspx
http://www.cgma.org/Resources/Tools/Pages/develop-non-financial-kpis.aspxhttp://www.cgma.org/Resources/Tools/Pages/turn-data-into-decisions.aspxhttp://www.cgma.org/Resources/Tools/Pages/communicate-risks-using-heatmap.aspxhttp://www.cgma.org/Resources/Tools/Pages/evaluate-enterprise-risk-management.aspxhttp://www.cgma.org/Resources/Tools/Pages/evaluate-enterprise-risk-management.aspxhttp://www.cgma.org/Resources/Tools/Pages/communicate-risks-using-heatmap.aspxhttp://www.cgma.org/Resources/Tools/Pages/turn-data-into-decisions.aspxhttp://www.cgma.org/Resources/Tools/Pages/develop-non-financial-kpis.aspx -
7/27/2019 CGMA - Risk Questions Print
13/14
Risk questions a CGMA hld a rlag prc va11
Distribution o this material via the internet doesnot constitute consent to the redistribution o it in
any orm. No part o this material may be otherwisereproduced, stored in third party platorms and
databases, or transmitted in any orm or by anyprinted, electronic, mechanical, digital or othermeans without the written permission o the owner
o the copyright as set orth above. For inormationabout the procedure or requesting permission toreuse this content please email [email protected]
The inormation and any opinions expressed in thismaterial do not represent ocial pronouncements
o or on behal o AICPA, CIMA, the CGMAdesignation or the Association o International
Certied Proessional Accountants. This materialis oered with the understanding that it does not
constitute legal, accounting, or other proessionalservices or advice. I legal advice or other expert
assistance is required, the services o a competentproessional should be sought. The inormationcontained herein is provided to assist the reader
in developing a general understanding o the topicsdiscussed but no attempt has been made to coverthe subjects or issues exhaustively. While everyattempt to veriy the timeliness and accuracy o
the inormation herein as o the date o issuancehas been made, no guarantee is or can be given
regarding the applicability o the inormation oundwithin to any given set o acts and circumstances.
2013, Chartered Institute o Management Accountants. All rights reserved.
F
1. Internal Control - Integrated Framework,
COSO, May 2013
2. http://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-
risksusing-heat-map.pdf
mailto:[email protected]://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfhttp://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfhttp://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfhttp://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfhttp://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfhttp://www.cgma.org/Resources/Tools/DownloadableDocuments/communicate-risksusing-heat-map.pdfmailto:[email protected] -
7/27/2019 CGMA - Risk Questions Print
14/14
Th aoitio o Ittio cti poio aott, ajoint venture o AICPA and CIMA, established the CGMA designation
Chartered Institute oManagement Accountants26 Chapter StreetLondon SW1P 4NPUnited KingdomT. +44 (0)20 7663 5441
f. +44 (0)20 7663 5442
CIMA has oces in the ollowing locations: Australia, Bangladesh, Botswana, China,Ghana, Hong Kong SAR, India, Ireland, Malaysia, Nigeria, Pakistan, Poland, Russia,Singapore, South Arica, Sri Lanka, UAE, UK, Zambia, Zimbabwe.
American Institute o CPAs1211 Avenue o the AmericasNew York, NY 10036-8775T. +1 2125966200f. +1 2125966213
www.cgma.org
June 2013
cGma, cHarTered GlOBal manaGemenT accOunTanT, th cGma ogo t o th aoitioo Ittio cti poio aott. assOcIaTIOn Of InTernaTIOnal cerTIfIed prOfessIOnalaccOunTanTs th assOcIaTIOn Of InTernaTIOnal cerTIfIed prOfessIOnal accOunTanTs ogo t o th ai Ititt o cti pbi aott. Th t git i th uit sttand in other countries.
http://www.cgma.org/http://www.cgma.org/