Sunday, August 21, 2011
Importance of independence of Auditor
The auditor must be materially independent of the client for the following reasons:
1. To increase credibility and to underpin confidence in the process. In an external audit, this will primarily be for the benefit of the shareholders and in an internal audit, it will often be for the audit committee that is, in turn, the recipient of the internal audit report.
2. To ensure the reliability of the audit report. Any evidence of lack of independence (or ‘capture’) has the potential to undermine all or part of the audit report thus rendering the exercise flawed.
3. To ensure the effectiveness of the investigation of the process being audited. An audit, by definition, is only effective as a means of interrogation if the parties are independent of each other.
***********
Framework for assessing risk
Risk is assessed by considering each identified risk in terms of two variables:
– its hazard (or consequences or impact) and,
– its probability of happening (or being realised or ‘crystallising’).
The most material risks are those identified as having high impact/hazard and the highest probability of happening. Risks with low hazard and low probability will have low priority whilst between these two extremes are situations where judgement is required on how to manage the risk.
In practice, it is difficult to measure both variables with any degree of certainty and so it is often sufficient to consider each in terms of relative crude metrics such as ‘high/medium/low’ or even ‘high/low’. The framework can be represented as a ‘map’ of two intersecting continuums with each variable being plotted along a continuum.
***********
Contribution of Risk Committee
Evaluate the contribution that a risk committee made up of non-executive directors could make to shareholders’ confidence in the management of an organistion
Risk committees are considered best practice by most corporate governance regimes around the world for a number of reasons. A risk committee made up of non-executive directors could provide an independent viewpoint on the company’s overall response to risk, and to challenge the CEO’s attitude. A risk committee can help increase the confidence in a number of ways:
Determining overall exposure to risk
The committee can pressure the board to determine what constitute acceptable level of risk, bearing in mind the likelihood and the risks materialising and the company’s ability to reduce the incidence and impact on the business.
Monitoring the overall exposure to risk
Once the board defined acceptable risk levels, the committee should monitor whether the company is remaining within these levels and whether earnings are sufficient given the levels of risks that are being borne.
Reviewing reports on key risks
There should be a regular system of reports to the risk management committee covering areas known to be of high risk, also one-off reports covering conditions and events likely to arise in the near future. This should facilitate monitoring of risk.
Monitoring the effectiveness of the risk management systems
The committee should monitor the effectiveness of the risk management systems, focusing particularly on effective management attitudes towards risks and the overall control environment and culture. A risk committee can judge whether there is an emphasis on effective management or whether insufficient attention is being given to risk management due to the pursuit of higher returns.
************
Risk committees are considered best practice by most corporate governance regimes around the world for a number of reasons. A risk committee made up of non-executive directors could provide an independent viewpoint on the company’s overall response to risk, and to challenge the CEO’s attitude. A risk committee can help increase the confidence in a number of ways:
Determining overall exposure to risk
The committee can pressure the board to determine what constitute acceptable level of risk, bearing in mind the likelihood and the risks materialising and the company’s ability to reduce the incidence and impact on the business.
Monitoring the overall exposure to risk
Once the board defined acceptable risk levels, the committee should monitor whether the company is remaining within these levels and whether earnings are sufficient given the levels of risks that are being borne.
Reviewing reports on key risks
There should be a regular system of reports to the risk management committee covering areas known to be of high risk, also one-off reports covering conditions and events likely to arise in the near future. This should facilitate monitoring of risk.
Monitoring the effectiveness of the risk management systems
The committee should monitor the effectiveness of the risk management systems, focusing particularly on effective management attitudes towards risks and the overall control environment and culture. A risk committee can judge whether there is an emphasis on effective management or whether insufficient attention is being given to risk management due to the pursuit of higher returns.
************
Saturday, August 20, 2011
Appointment of Internal Auditors from Inside or Outside
In practice, a decision such as this one will depend on a number of factors including the supply of required skills in the internal and external job markets. In constructing the case for an external appointment, however, the following points can be made.
Primarily, an external appointment would bring detachment and independence that would be less likely with an internal one.
Firstly, then, an external appointment would help with independence and objectivity (avoiding the possibility of auditor capture). He or she would owe no personal loyalties nor ‘favours’ from previous positions. Similarly, he or she would have no personal grievances nor conflicts with other people from past disputes or arguments.
Some benefit would be expected from the ‘new broom’ effect in that the appointment would see the company through fresh eyes. He or she would be unaware of vested interests. He or she would be likely to come in with new ideas and expertise gained from other situations.
Finally, as with any external appointment, the possibility exists for the transfer of best practice in from outside – a net gain in knowledge for the company.
***********
Primarily, an external appointment would bring detachment and independence that would be less likely with an internal one.
Firstly, then, an external appointment would help with independence and objectivity (avoiding the possibility of auditor capture). He or she would owe no personal loyalties nor ‘favours’ from previous positions. Similarly, he or she would have no personal grievances nor conflicts with other people from past disputes or arguments.
Some benefit would be expected from the ‘new broom’ effect in that the appointment would see the company through fresh eyes. He or she would be unaware of vested interests. He or she would be likely to come in with new ideas and expertise gained from other situations.
Finally, as with any external appointment, the possibility exists for the transfer of best practice in from outside – a net gain in knowledge for the company.
***********
Objectivity and Internal/External Auditors
Objectivity is a state or quality that implies detachment, lack of bias, not influenced by personal feelings, prejudices or emotions. It is a very important quality in corporate governance generally and especially important in all audit situations where, regardless of personal feeling, the auditor must carry out his or her task objectively and with the purpose of the audit uppermost in mind. The IFAC Code of Ethics explains objectivity in the following terms (Introduction, clause 16): “… fair and should not allow prejudice or bias, conflict of interest or influence of others to override objectivity.”
It thus follows that characteristics that might demonstrate an internal auditor’s professional objectivity will include fairness and even-handedness, freedom from bias or prejudice and the avoidance of conflicts of interest (e.g. by accepting gifts, threats to independence, etc.).
The internal auditor should remember at all times that the purpose is to deliver a report on the systems being audited to his or her principal. In an external audit situation, the principal is ultimately the shareholder and in internal audit situations, it is the internal audit committee (and then ultimately, shareholders).
************
It thus follows that characteristics that might demonstrate an internal auditor’s professional objectivity will include fairness and even-handedness, freedom from bias or prejudice and the avoidance of conflicts of interest (e.g. by accepting gifts, threats to independence, etc.).
The internal auditor should remember at all times that the purpose is to deliver a report on the systems being audited to his or her principal. In an external audit situation, the principal is ultimately the shareholder and in internal audit situations, it is the internal audit committee (and then ultimately, shareholders).
************
Monday, August 15, 2011
Classification of Stakeholders
(a) Internal stakeholders
Employees, management
(b) External stakeholders
The government, local government, the public, pressure groups, opinion leaders
(c) Connected stakeholders
Shareholders, customers, suppliers, lenders, trade unions, competitors
***************
(a) Direct stakeholders
Those who know they can affect or are affected by the organisation’s activities – employees, major customers and suppliers
(b) Indirect stakeholders
Those who are unaware of the claims they have on the organization or who cannot express their claim directly- wildlife, individual customers or suppliers of a large organization, future generations
*************
(a) Narrow stakeholders
Those most affected by organisation’s strategy- shareholders, managers, employees, suppliers, dependent customers
(b) Wide stakeholders
Those less affected by the organisation’s strategy – government, less dependent customers, the wider community
************
(a) Primary stakeholders
Those without whose participation the organization will have difficulty continuing as a going concern, such as customers, suppliers and government (tax and legislation)
(b) Secondary stakeholders
Those whose loss of participation won’t affect the company’s continued existence such as broad communities
*************
(a) Active stakeholders
Those who seek to participate in the organisation’s activities. Stakeholders includes managers, employees and institutional investors, but may also include other groups not part of an organization’s structure such as regulators or pressure group
(b) Passive stakeholders
Those who do not seek to participate in policy-making such as most shareholders, local communities and government
**************
(a) Voluntary stakeholders
Those who engage with the organization voluntarily – employees, most customers, suppliers and shareholders
(b) Involuntary stakeholders
Those who become stakeholders involuntarily – local communities, neighbours, the natural world, future generations
**************
(a) Legitimate stakeholders
Those who have valid claims upon the organisation
(b) Illegitimate stakeholders
Those whose claims upon the organization are not valid
**************
(a) Recognized stakeholders
Those whose interests and views managers consider when deciding upon strategy
(b) Unrecognized stakeholders
Those whose claims aren’t taken into account in the organisation’s decision making – likely to be very much the same as illegitimate stakeholders
**************
(a) Known stakeholders
Those whose existence is known o the organisation
(b) Unknown stakeholders
Those whose existence is unknown to the organisation (undiscovered species, communities in proximity to overseas suppliers)
*************
Employees, management
(b) External stakeholders
The government, local government, the public, pressure groups, opinion leaders
(c) Connected stakeholders
Shareholders, customers, suppliers, lenders, trade unions, competitors
***************
(a) Direct stakeholders
Those who know they can affect or are affected by the organisation’s activities – employees, major customers and suppliers
(b) Indirect stakeholders
Those who are unaware of the claims they have on the organization or who cannot express their claim directly- wildlife, individual customers or suppliers of a large organization, future generations
*************
(a) Narrow stakeholders
Those most affected by organisation’s strategy- shareholders, managers, employees, suppliers, dependent customers
(b) Wide stakeholders
Those less affected by the organisation’s strategy – government, less dependent customers, the wider community
************
(a) Primary stakeholders
Those without whose participation the organization will have difficulty continuing as a going concern, such as customers, suppliers and government (tax and legislation)
(b) Secondary stakeholders
Those whose loss of participation won’t affect the company’s continued existence such as broad communities
*************
(a) Active stakeholders
Those who seek to participate in the organisation’s activities. Stakeholders includes managers, employees and institutional investors, but may also include other groups not part of an organization’s structure such as regulators or pressure group
(b) Passive stakeholders
Those who do not seek to participate in policy-making such as most shareholders, local communities and government
**************
(a) Voluntary stakeholders
Those who engage with the organization voluntarily – employees, most customers, suppliers and shareholders
(b) Involuntary stakeholders
Those who become stakeholders involuntarily – local communities, neighbours, the natural world, future generations
**************
(a) Legitimate stakeholders
Those who have valid claims upon the organisation
(b) Illegitimate stakeholders
Those whose claims upon the organization are not valid
**************
(a) Recognized stakeholders
Those whose interests and views managers consider when deciding upon strategy
(b) Unrecognized stakeholders
Those whose claims aren’t taken into account in the organisation’s decision making – likely to be very much the same as illegitimate stakeholders
**************
(a) Known stakeholders
Those whose existence is known o the organisation
(b) Unknown stakeholders
Those whose existence is unknown to the organisation (undiscovered species, communities in proximity to overseas suppliers)
*************
Friday, August 12, 2011
Risk awareness
Explanation
Risk awareness is a capability of an organisation to be able to recognise risks when they arise, from whatever source they may come. A culture of risk awareness suggests that this capability (or competence) is present throughout the organisation and is woven into the normal routines, rituals, ways of thinking and is taken-for-granted in all parts of the company and in all employees.
***********
Why is it necessary for organisation to cultivate a culture of risk awareness and that this should permeate all levels of the company?
Risks can arise in any part of the organisation and at any level. Not all risks are at the strategic level and can be captured by a risk assessment. A culture of risk awareness will help ensure that all employees are capable of identifying risks as and when they arise.
Risks are dynamic and rise and fall with changes in the business environment and with changes in the company’s activities. With changes to the company’s risk profile occurring all the time, it cannot be assumed that the risks present at the most recent risk assessment will remain the same. Being prepared to adapt to changes is a key advantage of a culture of risk awareness.
A lack of risk awareness is often evidence of a lack of risk management strategy in the organisation. This, in turn, can be dangerous as the company could be more exposed to risk than it need be because of the lack of attentiveness by staff. A lack of effectiveness of risk management strategy leaves the company vulnerable to unrecognised or wrongly assessed risks.
**********
Risk awareness is a capability of an organisation to be able to recognise risks when they arise, from whatever source they may come. A culture of risk awareness suggests that this capability (or competence) is present throughout the organisation and is woven into the normal routines, rituals, ways of thinking and is taken-for-granted in all parts of the company and in all employees.
***********
Why is it necessary for organisation to cultivate a culture of risk awareness and that this should permeate all levels of the company?
Risks can arise in any part of the organisation and at any level. Not all risks are at the strategic level and can be captured by a risk assessment. A culture of risk awareness will help ensure that all employees are capable of identifying risks as and when they arise.
Risks are dynamic and rise and fall with changes in the business environment and with changes in the company’s activities. With changes to the company’s risk profile occurring all the time, it cannot be assumed that the risks present at the most recent risk assessment will remain the same. Being prepared to adapt to changes is a key advantage of a culture of risk awareness.
A lack of risk awareness is often evidence of a lack of risk management strategy in the organisation. This, in turn, can be dangerous as the company could be more exposed to risk than it need be because of the lack of attentiveness by staff. A lack of effectiveness of risk management strategy leaves the company vulnerable to unrecognised or wrongly assessed risks.
**********
Subscribe to:
Comments (Atom)