Monitoring and Reporting on Risk
Chapter 11
Board Risk
The board is ultimately responsible for risk management
Oversee strategic risks, operational risks, and financial risks
Many federal regulations have been put in place to evaluate risk management
The Board also presents a risk in Corporate Governance
Corporate Governance
The mechanisms and procedures that determine how corporations are run;
Medium to large corporations have separation of ownership and control, which means the corporation is owned by its shareholders but controlled by its board of directors and managers;
CG ensures that management and the Board operate with the best interests of the owners in mind.
How to align the interest of Directors with those of Shareholders:
Incentive compensation
Legal Liability
Management reputation
Takeover threats
Risk Management Reporting
Board risk committee
Board audit committee
Finance committee
Chief risk officer (CRO)
Board Risk Committee
Implements the risk management process at all times and levels
Identifies risks
Sets the company’s tolerance for risk
Prioritizes risks to be handled
Chief Risk Officer
Executive in charge of overseeing the risk management department
Communicates with the board on risk decisions and policies
Audit Committee
Evaluates the company’s compliance with regulations and financial reporting standards
Focus on compliance with standards already in action
Work with internal and external auditors
Responsible for annual financial reporting
Internal Controls
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
3 objectives:
1. Effectiveness and efficiency of operations
2. Reporting
3. Compliance
COSO’s Five Components
Control Environment
Risk Assessment
Information and Communication
Control Activities
Monitoring
Internal Controls Within a Company
The board sets policy and appoints authority for implementing the risk management objectives
The management of the risk department is responsible for creating internal controls to monitor risk
Employees support the risk management department
Auditors monitor compliance with the internal controls
Internal Control Linked to Risk Monitoring
Internal controls can indicate changes in risk
Productive risk monitoring uncovers risk while still manageable
Not every risk can be identified
Internal Audit Support to Risk Monitoring
The internal audit department assesses the company’s success in completing its objectives
Evaluation and assessment
Approve existing internal controls
Ensures accuracy
External auditors verify financial reporting
Risk Management vs. Internal Auditors
Complementary functions
Risk management pinpoints and prioritizes risks, then establishes plans to manage the risks
Internal auditors examine and investigate the internal controls put in place by risk management
Risk-Based Auditing
3 Principles
Audit to business objectives
Materiality of the risk focus
Identify threats to the success of the business
Risk Assurance
Level of confidence in the risk management department as a whole
Reduces cost and increases value
Several benefits
Control Risk Self-Assessment
CRSA: management tool designed to self-audit risk assurance within a certain area of responsibility
Evaluates effectiveness, focuses on goals and threats, and allows managers to get a better understanding of where the company is falling short and standing out
Risk Management Monitoring and Reporting
The flow of accurate information throughout the entire chain of command within the business is the focus
Timely and detailed
User-friendly format is important