Summary Risk Management and internal control 2022/2023
76 views 2 purchases
Course
Risk Management and internal control
Institution
Universiteit Antwerpen (UA)
This document contains a summary or overview of all the lessons (notes) and slides of the course 'Risk management and internal control', taught by Kris Hardies. At the end of each part, the quizzes are added as well (with the right answers). No guest lectures or separate cases were added, as they c...
Risk Management & Internal Control
Prof. dr. Kris Hardies
2022/2023
Chapter 0: Introduction
0.1 BP Oil Spill
Cause for the oil spill: the organizational culture inside the company
Encouraged cost cutting & cutting of corners
Rewards workers for doing it faster and cheaper, not better
Management failure
Risk management will never work if the organizational culture isn’t right
0.2 Risk categories
I. Category I Risk control failures
Internal
Preventable
Known
E.g.: Siemens Bribery & Corruption scandal (breaching fiduciary duties)
II. Category II Risk control failures
New market or product
Not following or doing something that should be done
E.g.: Ford’s Edsel – “wrong car at the wrong time”,
McDonald’s Arch Deluxe – marketed specifically for adults but everyone
wanted cheap burgers
Walt Disney’s Disneyland Paris – first 10 years huge losses because of the
cultural differences (e.g. no alcohol policy)
Nokia missing the smartphone boom & Polaroid missing the digital
revolution
III. Category III Risk Control Failures
External events (all black swan events = unpredictable events)
E.g.: September 11 attacks, emergence of new technologies (the
internet), 2011 Tōhoku earthquake & tsunami
Changing environment: Source of risk
(Fortune 500 companies keep changing over time)
1
,0.4 Risk management
Risk: The possibility that an event will occur and adversely affect
the achievement of objectives.
Risk management: reducing the likelihood or impact of circumstances that could cause
outcomes to be less than desired.
Managing the change process
Risk management is a corporate governance requirement (Belgian Code on Corporate
Governance)
How much uncertainty is the organization willing to accept in their value creation process?
(every entity exists to provide value for its stakeholders)
Uncertainty: risks as well as opportunities
Managing risks eliminating risks: risks are accepted and managed, not eliminated.
COSO ERM (Enterprise Risk Management) framework
Roles and responsibilities:
o Board of Directors
o CEO
o Chief Risk Officer (CRO) & other top
executives
o Senior management
o Staff
o Internal Audit
o External Audit
o Regulatory Entities
Corporate governance: The system by which companies are directed and controlled. Boards of
directors are responsible for the governance of their companies. The shareholders’ role in
governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate
governance structure is in place. The responsibilities of the board include setting the company’s
strategic aims, providing the leadership to put them into effect, supervising the management of the
business and reporting to shareholders on their stewardship. The board’s actions are subject to laws,
regulations and the shareholders in general meeting.
2
,Chapter 1: Internal Control
1.1 Governance & culture
Governance: sets the organization’s tone, reinforcing the importance of, and establishing
oversight responsibilities for, ERM.
Culture: pertains to ethical values, desired behaviors and understanding of risk in the entity.
The control environment: the set of standards, processes and structures that provide the basis
for carrying out internal control across the entity.
The internal environment: encompasses the tone of an entity and sets the basis for how risk is
viewed and addressed by an entity’s people, including risk management philosophy and risk
appetite, integrity and ethical values and the environment in which they operate.
Integrity and ethical values: code of conduct (explains values inside the company and what is
acceptable)
Commitment to competence
Board of Directors (or Audit Committee): must have independence & competence to override
system controls
Board: Governing body of an entity, which may take the form of a board
directors or supervisory board for a corporation, board of trustees for a not-
for-profit organization, general partners for a partnership, or owner for a small
business.
Management’ philosophy & operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Tone at the top: The ethical environment within the firm created through management
practices and espoused values.
Organizational culture control environment
1.2 Questions at the end of the chapter
1. What is not a synonym for the internal environment?
o Control environment
o Governance and culture
o Tone at the top
2. A risk culture is defined by:
o All stakeholders
o Management
o The CEO
3
, Chapter 2: Strategy & Objective-setting
Every entity has a strategy for bringing its mission to fruition and to drive value.
ERM: The culture, capabilities and practices, integrated with strategy-setting and its execution,
that organizations rely on to manage risk in creating, preserving and realizing value.
Business objectives provide the link to practices within the entity to support the achievement
of the strategy.
2.1 Strategy and Risk appetite
Strategy should be consistent with risk appetite
Risk-return tradeoff (do we want less risk or more return?)
Rarely linear or one-to-one
Risk appetite: the types and amount of risk, on a broad level, an organization is willing
to accept in pursuit of value. (=its mission)
Chosen by management (endorsed/confirmed by board of directors)
May change over time (in line with risk capacity)
Risk capacity = maximum amount of risk an entity is able to absorb
Risk tolerance: Acceptable level of variation (in performance) relative to the
achievement of objectives.
Needs to be aligned with risk appetite
Achievement of objectives
The risk pyramid
2.2 Objective setting
Objectives: what an entity desires to achieve.
Strategic objectives
Related objectives (operating, reporting, compliance)
Objectives must exist before management can identify potential events affecting their
achievement!
Aligned with the entity’s mission
Aligned with the entity’s risk appetite
4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller raniboons. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.11. You're not tied to anything after your purchase.