corporate governance. what is risk? ◦ risks are uncertain future occurrences which, left...
TRANSCRIPT
Risk Management, External & Internal Control
Corporate Governance
What is risk?◦ Risks are uncertain future occurrences which, left
unchecked, could adversely influence the achievement of a company’s business objectives
Naidoo, Corporate Governance, 2009 page 225
Risk Management
Some of the main types of risk are:
Market risk – exposure to changes in share price, interest rate etc
Credit risk – possibility that 3rd party may fail to honour its contractual commitments to the company
Operational risk – risk of loss due to inadequate internal processes or unexpected external events
Types of risk
Reputational risk – risk of event damaging company’s goodwill & reputation
Business volume risk – risk of changes in demand or supply or competition
Legal risk – risk of failure to comply with legislation or contractual requirements
Types of risk
Risk management can mean attempting to avoid or reduce exposure to a particular risk
Risk management can also mean increasing exposure to a particular risk to benefit from an anticipated outcome
Company will look at possibility of risk occurring & cost of reducing exposure
Managing Risk
The Board will decide in consultation with management which risks to terminate,
accept, reduce or transfer.
Managing Risk
Define the risk & identify the areas of risk Determine the capacity to deal with risk
using TART Develop strategies to deal with the risks
identified Develop risk management documentation Integrate risk management into business
plan Ongoing monitoring of risk
Implementing a risk management plan
The four approaches to risk management
Terminate – if risk is too great to control & risk exceeds benefits
Accept – if no other controls possible Reduce – institute appropriate controls Transfer – move risk to another party (eg:
insurer)
The TART approach
Internal control refers to the complex web of reporting systems present within a company in terms of which its business activities are controlled.
Naidoo, Corporate Governance, 2009 page 234
Internal Control
An effective system of internal control should enable the company to:◦ Identify key objectives & associated risks◦ Measure overall performance in managing risk◦ Manage the identification of risk & the mitigation
process through timely & meaningful communication
◦ Monitor the effectiveness of identifying, measuing & managing risk
Naidoo, Corporate Governance, 2009 page 235
Requirements of internal control
The Companies Act lays down the requirements for the appointment of an external auditor – see section 90 of the Act
The overriding factor is independence
External Audit
King III gives the audit committee certain responsibilities relating to the external auditors:◦ To nominate the auditor◦ To approve the terms of engagement &
remuneration◦ To monitor & report on the auditors independence◦ To create a policy relating to non-audit work◦ To review the quality & effectiveness of the
external audit process
Audit Committee responsibilities
The internal audit function must be independent & objective
It may be done internally or may be outsourced
If outsourced, it should not be done by the firm doing the external audit
If done internally, it should be independent of the day-to-day operations
The audit committee is responsible to oversee the internal audit function
The Internal Audit
To objectively evaluate the company’s risk management, internal control & corporate governance processes & provide assuarnce to the Board of the adequacy & functionality of these processes
If the Board decides not to have an internal audit function the reasons should be disclosed in the annual report (apply or explain)
Purpose of the Internal Audit
The Board should ensure that the internal audit function has the necessary status within the company to execute its functions independently and without fear or favour
This can be achieved by:◦ Appointment of qualified personnel◦ Head of internal audit given senior management
status◦ Head of internal audit to report to Board & CEO◦ Board promoting independence of internal audit◦ Internal audit given adequate funding & resources
The Status of Internal Audit