Business risk
The threat that an action or event will adversely affect an organisation’s ability to achieve its objectives
Business objectives - three categories
- Operational (market, organisational, financial)
- Reliable financial reporting
- Compliance (social + environmental, legal + regulatory)
Four sources of risk
- Objectives that conflict
- Strategies
- External forces
- Internal forces
Organisation’s overall approach to risk management is down to
The Board
Objectives of risk management and internal control system (3)
- Reduce the likelihood of risky events occurring
- Minimise the impact if risky events do occur
- Improve the awareness of the risks faced by the business and the consequences of risky activities
Formal risk management process incorporates DASTRAW
- Documented process
- Approach being followed by each department
- Standardised method
- Training
- Regular basis
- Accountability
- Weaknesses identified and actions followed up
Benefits of risk management (8)
- Consistent approach
- Informed decisions
- Better information
- Increased understanding
- Formal documentation of risks
- Improved accountability
- Reduced fraud
- Reduced internal/ external audit costs
Four risk control strategies
- Risk avoidance
- Risk acceptance
- Risk transfer/ sharing
- Risk reduction
Board responsibility for overall approach to RMIC - 6 steps
1) Identify and assess principle risks
2) Determine risk appetite of organisation
3) Ensure appropriate culture and reward systems are embedded
4) Agree how principle risks should be managers/ mitigated
5) Monitor and review effectiveness of systems
6) Ensure sound internal and external information and communications
In order to carry out its role effectively, the board must consider whether it and any groups whom it delegates responsibility for RMIC have the necessary (5)
- Skills
- Knowledge
- Experience
- Authority
- Support
RMIC systems includes (5 components)
- Control environment
- Risk assessment process
- Information and communication systems
- Control acitivities
- Monitoring and review
Principle risks should be focussed on by board, these are
Risks that could threaten the company’s business model, future performance, solvency or liquidity
Committee of Sponsoring Organisations of the Treadway Commission (COSO) 1992
Provides framework for designing, implementing and assessing internal control systems
Entity level controls
Those that help establish the tone and culture of the organisation (overarching controls)
Matters for the board to consider (6)
- What assurance they require
- Delegation required
- Flow of information
- Skills, knowledge and experience
- How to ensure adequate discussion
- The culture it wishes to embed
RMIC encompasses (6)
- Policies, culture, organisation, behaviours, processes and systems
Risk assessment process (5 steps)
1) Identify risks in org
2) Assess the impact of risks
3) Assess likelihood of risk occurring
4) Prioritise risks, assessing principle risks
5) Identify whether controls can be put in place to mitigate
