ELECTIVE

Department of Accounting Education Department of Accounting Education
Mabini Street, Tagum City Mabini Street, Tagum City

Davao del Norte Davao del Norte
Telefax: (084) 655-9591, Local 116 Telefax: (084) 655-9591, Local 116
Big Picture C RISK AND RISK MANAGEMENT
RISK (risicare-to dare)

Week 6-7: Unit Learning Outcomes (ULO): At the end of the unit, you are expected
to Risk is the uncertainty of outcome within a range of exposure arising from a combination
of the impact and probability potential events. The uncertainty of an event occurring that
a. Analyze the definition of risk management, and evaluate the risk could have an impact on the achievement of objectives.
management processes.
b. Prepare internal audit recommendation for the improvement of internal RISK MANAGEMENT
control of an organization. It is a dynamic process for taking all reasonable steps to find out and deal with risks that
impact objectives. It is the response to risk and decisions made in respect of available
choices and resources.
It is the task of defining risk, identifying risks, assessing this risks for impact and
Big Picture C in Focus: ULOa. Analyze the definition of risk materiality and then devising suitable ways for dealing with more significant risks.
management and evaluate the risk management processes of an
organization. BENEFITS OF RISK MANAGEMENT
 More realistic business and project planning
 Actions implemented in time to be effective
 Greater certainty of achieving business goals and project objectives
 Appreciation of, and readiness to exploit, all beneficial opportunities
Metalanguage  Improved loss control Improved control of project and business costs
 Increased flexibility as a result of understanding all options and associated risks
In this section, the most essential terms relevant to the topic and to demonstrate ULOa  Fewer costly surprises through effective and transparent contingency planning
will be operationally defined to establish a common frame of reference as to how the texts
work in your chosen field or career.
Risk is the possibility of suffering harm, loss or danger. RISK MODEL
Risk Management is the process of identifying, assessing and controlling threats to an Risks
organization's capital and earnings.
Enterprise Risk Management is a plan-based business strategy that aims to identify, Threats Objectives Opportunities
assess, and prepare for any dangers, hazards, and other potentials for disaster of both
physical and figurative that may interfere with an organization's operations and hinder the
attainment of organizations objectives. Impact
MODEL IMPLICATIONS:
Essential Knowledge
IMPACT LIKEHOOD Risk Management Actions
SIGNIFICANT HIGH Extensive management of risks
To perform the aforesaid big picture (unit learning outcomes) for the next two (2) weeks SIGNIFICANT MEDIUM Must manage and monitor risks
of the course, you need to fully understand the following essential knowledge that will be SIGNIFICANT LOW Considerable risk management is required
laid down in the succeeding pages. Please note that you are not limited to exclusively
refer to these resources. Thus, you are expected to utilize other books, research articles MODERATE HIGH Management effort is required
and other resources that are available in the university’s library e.g. ebrary, MODERATE MEDIUM Management effort is worthwhile
search.proquest.com etc. MODERATE LOW Risks maybe worth accepting yet with monitoring
60 61
MINOR HIGH Manage and monitor risks be identified and recorded. Business risk is really about these types of issues, and not
MINOR MEDIUM Accept but monitor the risks just the more well-known disasters, acts of God or risks to personal safety.
MINOR LOW Accept the risks
Assessment. The next stage is to assess the significance of the risks that have been
FOUR RISK STRATEGIES identified. This should revolve two-dimensional considerations: Impact, Likelihood
1. ACCEPTANCE consideration that we have already described earlier.
This is addressing and doing something about the risks when occur.
Management. Armed with the knowledge of what risks are significant and which are less
2. TRANSFER so the process requires the development of strategies for managing high impact, high
This is about giving the risk responsibility to someone outside the organization or likelihood risks. This ensures that all key risks are tackled and that resources are
project. channeled into areas of most concern, been identified through a structured which have
methodology.
3. MITIGATION
This is the strategy that is used in which the risks are reduced to acceptable risk Review. The entire risk management process and outputs should be reviewed and
tolerance level revisited on a continual basis. This should involve updating the risk management strategy
and reviewing the validity of the process that is being applied across the organization.
4. RISK AVOIDANCE
This is a strategy used to make the risk ceased and to completely eliminate the RISK ANALYSIS FRAMEWORK
possibility of risk in the organization.
RISK MANAGEMENT PROCESS
The stages of risk management are commonly known as:
Identification. The risk management process starts with a method for identifying all risks
that face an organization. This should involve all parties who have expertise, responsibility
and influence over the area affected by the risks in question. All imaginable risks should
62 63
TYPES OF RISK RESPONSES  Appropriate Culture and Capability
Impact Likelihood Response IMPORTANT PRINCIPLES TO RISK MANAGEMENT

High High Terminate; Controls
High Medium Tell Someone Risk Management should:
High Low Transfer Be tailored
Medium High Communicate Be reviewed regularly
Medium Medium Check Compliance and Commission Research Be dynamic, interactive and responsive to change
Medium Low Contingency Be transparent and inclusive
Low High Commission Research Be part of decision making
Low Medium Commission Research Protect everything of value
Low Low Take more; Tolerate Explicitly address uncertainty
Be based on the best available information
Operate under a common language
Be systematic and structured
Take into account organizational culture, human factors and behaviours
Response Description CLASSIFICATION OF RISK

Terminate The risk is great and either cannot be contained at all or the cost of Financial
such containment are prohibitive  Accounting and reporting
Controls Consider installing measures to mitigate the impact, if not completely  Market
eliminate the risk  Liquidity
Tell Someone Set out the unguarded risk and work out strategy for relaying position  Tax
to the party who can tackle it best.  Capital structure
Transfer Adopt strategy of spreading risk, wherever possible
Communicate Where controls may not address the risk to an acceptable level, that Strategic
is to communicate risks to stakeholders and make them aware of  Planning and resource allocation
success  Communications and investor relations
Check Focus on areas where controls are crucial to mitigating significant  Major initiatives and capital programs
Compliance risks and to ensure that they are actually working as intended.  Competitive market dynamics
Commission Allows more thinking time, where decision is based on an in-depth  Mergers, acquisitions and divestitures
Research research exercise to assess more about the risk, its impact and  Macro - market dynamics
probability
Contingency Making contingency arrangement when risk materialized. Focus is on Compliance
measures after preventive control fail.  Governance
Take More Maximizing areas where we have control over outcome while  Regulatory
minimizing areas where we have no or limited control.
 Legal
Tolerate Continuous assessment and monitoring of risks so to maintain its low
 Code of conduct
impact and likelihood of happening.
Operational
EFFECTIVE RISK MANAGEMENT
 Information technology
COMPONENTS  Physical assets
 Risk Management Process  Sales and marketing
 Risk Strategy  People
 Risk Management Function  Research and development
 Enabling Technologies  Supply chain
 Governance  Hazards
64 65
ROLE OF INTERNAL AUDIT IN RISK MANAGEMENT Legitimate Internal Audit Roles with Safeguard
 Facilitating identification and evaluation of risks
Monitor the effectiveness of the system of internal control that has been introduced to  Coaching management in responding to risks
address the significant risks.  Coordinating ERM activities
 Consolidated reporting on risks
Review the extent that managers and board members have identified, evaluated and  Maintaining and developing the ERM framework
managed the company's risk.  Championing establishment of ERM
 Developing RM strategy for Board approval
ENTERPRISE-WIDE RISK MANAGEMENT (ERM) Safeguards

 It should be clear that responsible to risk management
This is a structured, consistent and continuous process across the whole organization for  The nature of internal auditor's responsibilities should be documented in the
identifying, assessing, deciding on responses to and reporting on opportunities and internal audit charter management remains and approved by the audit committee
threats affecting the achievement of organizational objectives.  Internal auditing should not manage any of the risk on behalf of management
 Internal auditing should provide advice, challenge and support management's
Responsibility for ERM decision-making, as opposed to taking risk management. decisions themselves
The Board has the overall responsibility for ensuring that risks are managed. In practice,  Internal auditing cannot also give objective assurance on any part of the ERM
the Board will delegate the operation of the risk management framework to the framework for which it is responsible
Management Team, who will be responsible for completing risk management activities.  Any work beyond the assurance activities should be recognized as a consulting
engagement and the implementation standards related to such should be followed.
Benefits of ERM
 Greater likelihood of achieving organizational objectives Roles Internal Audit should not undertake
 Consolidated reporting of disparate risks at Board level  Setting the risk appetite
 Improved understanding of key risks and its wider implications  Imposing risk management processes
 Easy identification and sharing of cross business risks  Taking management assurance on risks
 Greater management focus on the issues that really matter  Taking decisions on risk responses
 Fewer surprises or crises  Implementing risk response on management's behalf
 More focus internally on doing the right things at the right way.  Accountability for risk management
 Increased likelihood of change initiatives being achieved
…
 Enhanced capability to take on greater risk for greater reward and
 More informed risk-taking and decision making
Self-Help: You can also refer to the sources below to help you further
PROVIDING ASSURANCE ON ERM understand the lesson:
Internal Auditors normally provide assurance on three areas:
1. Risk management processes, both the design and functions. * Tan, J.B. (2015). Internal audit theories, concepts and applications. (2015 ed.). Maa,
2. Management of identified risks and effectiveness of controls. Davao City: MS Lopez Printing & Publishing.
3. Reliable and appropriate risk assessment and reporting.
* Whittington, R. (2014). Principles of auditing and other assurance services with CD
ROLES OF INTERNAL AUDITING ON ERM (19th ed.). New York: McGraw - Hill Education.
Core Internal Audit Roles
 Reviewing the management of key risks * Australia, T. I., & technical editor, C. L. (2013). Financial reporting handbook 2013:
 Evaluating the reporting of key risks incorporating all the standards as at 1 December 2013. Milton, Qld : Wiley.
 Evaluating risk management processes
 Giving assurance that risks are correctly evaluated Note:
 Giving assurance on the risk management process
The content of this manual is based on the textbook for ACCE 311 titled “Internal Audit:
Theories, Concepts and Applications” by Joel B. Tan, CPA.
66 67
Q&A List refer to these resources. Thus, you are expected to utilize other books, research articles
and other resources that are available in the university’s library e.g. ebrary,
In this section you are going to list what boggles you in this unit. You may indicate your search.proquest.com etc.
questions but noting you have to indicate the answers after your question is being raised
and clarified. You can write your questions below. INTERNAL CONTROL
Internal Control is a process effected by entity's BOD management and other personnel
Questions/Issues Answers designed to provide reasonable assurance regarding the achievement of objectives:
1. a. Reliability of financial reporting
2. b. Effectiveness and efficiency of operations
3. c. Safeguarding of company resources
4. d. Compliance with applicable laws and regulations
5.
It is any action taken by management, the Board and other parties to manage risk and
increase the likelihood that established objectives and goals will be achieved.
Keyword Index The Board

The Management
 Risk Other Parties
 Risk Management
 Enterprise-Risk Management Internal Control Actions
 Control Risk Self-Assessment
 Promote efficiency
 Reduce risk of asset loss
 Help ensure reliability of financial statements & compliance with laws and
regulations
Big Picture C in Focus: ULOb. Prepare internal audit recommendation Main Principle: The Board should maintain a sound system of internal control to
for the improvement of internal control of an organization. safeguard shareholders' Investment and the company's assets.
Code Provision: The Board should, at least annually, conduct a review of the
effectiveness of the group's system of internal controls and should report to
shareholders that they have done so.
Metalanguage
LIMITATIONS OF INTERNAL CONTROL
In this section, the most essential terms relevant to the topic and to demonstrate ULOb Internal control provides reasonable assurance, but not absolute assurance because of
will be operationally defined to establish a common frame of reference as to how the control limitations and constraints.
texts work in your chosen field or career.  Judgment
 Breakdown
Internal Control is a process for assuring of an organization's objectives in operational  Management Override
effectiveness and efficiency, reliable financial reporting, and compliance with laws,  Collusion
regulations and policies.  Cost-Benefit
INTERNAL CONTROL PROCESS

Essential Knowledge  Control Environment
 Risk Management
 Monitoring of Controls
To perform the aforesaid big picture (unit learning outcomes) for the next two (2) weeks
 Control Activities
of the course, you need to fully understand the following essential knowledge that will
 Information & Communication
be laid down in the succeeding pages. Please note that you are not limited to exclusively
70 71
CONTROL ENVIRONMENT CONTROL FRAMEWORK

It provides the discipline and structure for the achievement of the primary objectives of  Basis for control system and promote the right controls environment.
internal control system.
CONTROL FRAMEWORK MODELS:
Elements (IC HAMBO)
1. COSO (Committee of Sponsoring Organizations) MODEL of the Treadway
Integrity and Ethical Values Commission
Commitment to Competence of Personnel
Human Resource Policies and Practices  Monitoring
Assignment of Authority and Responsibility  Control Activities
Management Philosophy and Operating Style  Risk Assessment
Board of Directors/ Audit Committee  Control Environment
Organizational Structure
2. COCO (Criteria of Control) MODEL
INTERNAL CONTROL SYSTEM
This encompasses the policies, processes, tasks, behaviours and other aspects of a  Purpose
company that when taken together:  Commitment
 Facilitate effective and efficient operation of organization by enabling it to respond  Capability
appropriately to significant business, operational, financial, compliance and other  Action
risks to achieving its objectives.  Monitoring and Learning
 Help ensure the quality of internal and external reporting. This requires the
maintenance of proper records and processes that generate a flow of timely, CONTROL RISK
relevant and reliable information from within and outside the organization. It is the risks that the internal control system will not be able to prevent, detect and
 Help ensure compliance with applicable laws and regulations, and also with manage the occurrence of potential risks.
internal policies respect to the conduct of business.
MANAGEMENT RESPONSIBILITIES
 Determine the need for controls Self-Help: You can also refer to the sources below to help you
 Design suitable controls Implement these controls further understand the lesson:
 Check that these controls are being applied correctly
 Maintain and update the controls * Tan, J.B. (2015). Internal audit theories, concepts and applications. (2015 ed.). Maa,
 Inclusion of the above noted matters within any appraisal scheme that seeks to Davao City: MS Lopez Printing & Publishing.
judge management's performance.
* Whittington, R. (2014). Principles of auditing and other assurance services with CD
INTERNAL AUDITOR'S ROLE (19th ed.). New York: McGraw - Hill Education.
1. Assess those areas that are most at risk in terms of the key control objectives
2. Define and undertake a.programme for reviewing high profile systems that attract * Australia, T. I., & technical editor, C. L. (2013). Financial reporting handbook 2013:
most risk incorporating all the standards as at 1 December 2013. Milton, Qld : Wiley.
3. Review each of the systems by examining and evaluating their associated
systems of internal control to determine the extent to which control objectives are Note:
being met.
4. Advice management whether or not controls are operating adequately and The content of this manual is based on the textbook for ACCE 311 titled “Internal Audit:
effectively so as to promote the achievement of the system's control objectives. Theories, Concepts and Applications” by Joel B. Tan, CPA.
5. Recommend any necessary improvements to strengthen controls where
appropriate, while making clear the risks involved for failing to effect these
recommended changes
6. Follow-up audit work whether management has actioned on the agreed audit Let’s Analyze
recommendations.
I. Questions:
72 73

ELECTIVE

Uploaded by

ELECTIVE

Uploaded by

Department of Accounting Education Department of Accounting Education

Mabini Street, Tagum City Mabini Street, Tagum City

Big Picture C RISK AND RISK MANAGEMENT

RISK (risicare-to dare)

Risk is the possibility of suffering harm, loss or danger. RISK MODEL

RISK MANAGEMENT PROCESS

The stages of risk management are commonly known as:

TYPES OF RISK RESPONSES  Appropriate Culture and Capability

Impact Likelihood Response IMPORTANT PRINCIPLES TO RISK MANAGEMENT

Response Description CLASSIFICATION OF RISK

ENTERPRISE-WIDE RISK MANAGEMENT (ERM) Safeguards

Keyword Index The Board

INTERNAL CONTROL PROCESS

CONTROL ENVIRONMENT CONTROL FRAMEWORK

You might also like