This document contains a summary or overview of all the lessons (notes) and slides of the course 'Risk management and internal control', taught by Kris Hardies. At the end of each part, the quizzes are added as well (with the right answers). No guest lectures or separate cases were added, as they c...
Risk Management & Internal Control
Prof. dr. Kris Hardies
2022/2023
Chapter 0: Introduction
0.1 BP Oil Spill
Cause for the oil spill: the organizational culture inside the company
Encouraged cost cutting & cutting of corners
Rewards workers for doing it faster and cheaper, not better
Management failure
Risk management will never work if the organizational culture isn’t right
0.2 Risk categories
I. Category I Risk control failures
Internal
Preventable
Known
E.g.: Siemens Bribery & Corruption scandal (breaching fiduciary duties)
II. Category II Risk control failures
New market or product
Not following or doing something that should be done
E.g.: Ford’s Edsel – “wrong car at the wrong time”,
McDonald’s Arch Deluxe – marketed specifically for adults but everyone
wanted cheap burgers
Walt Disney’s Disneyland Paris – first 10 years huge losses because of the
cultural differences (e.g. no alcohol policy)
Nokia missing the smartphone boom & Polaroid missing the digital
revolution
III. Category III Risk Control Failures
External events (all black swan events = unpredictable events)
E.g.: September 11 attacks, emergence of new technologies (the
internet), 2011 Tōhoku earthquake & tsunami
Changing environment: Source of risk
(Fortune 500 companies keep changing over time)
1
,0.4 Risk management
Risk: The possibility that an event will occur and adversely affect
the achievement of objectives.
Risk management: reducing the likelihood or impact of circumstances that could cause
outcomes to be less than desired.
Managing the change process
Risk management is a corporate governance requirement (Belgian Code on Corporate
Governance)
How much uncertainty is the organization willing to accept in their value creation process?
(every entity exists to provide value for its stakeholders)
Uncertainty: risks as well as opportunities
Managing risks eliminating risks: risks are accepted and managed, not eliminated.
COSO ERM (Enterprise Risk Management) framework
Roles and responsibilities:
o Board of Directors
o CEO
o Chief Risk Officer (CRO) & other top
executives
o Senior management
o Staff
o Internal Audit
o External Audit
o Regulatory Entities
Corporate governance: The system by which companies are directed and controlled. Boards of
directors are responsible for the governance of their companies. The shareholders’ role in
governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate
governance structure is in place. The responsibilities of the board include setting the company’s
strategic aims, providing the leadership to put them into effect, supervising the management of the
business and reporting to shareholders on their stewardship. The board’s actions are subject to laws,
regulations and the shareholders in general meeting.
2
,Chapter 1: Internal Control
1.1 Governance & culture
Governance: sets the organization’s tone, reinforcing the importance of, and establishing
oversight responsibilities for, ERM.
Culture: pertains to ethical values, desired behaviors and understanding of risk in the entity.
The control environment: the set of standards, processes and structures that provide the basis
for carrying out internal control across the entity.
The internal environment: encompasses the tone of an entity and sets the basis for how risk is
viewed and addressed by an entity’s people, including risk management philosophy and risk
appetite, integrity and ethical values and the environment in which they operate.
Integrity and ethical values: code of conduct (explains values inside the company and what is
acceptable)
Commitment to competence
Board of Directors (or Audit Committee): must have independence & competence to override
system controls
Board: Governing body of an entity, which may take the form of a board
directors or supervisory board for a corporation, board of trustees for a not-
for-profit organization, general partners for a partnership, or owner for a small
business.
Management’ philosophy & operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Tone at the top: The ethical environment within the firm created through management
practices and espoused values.
Organizational culture control environment
1.2 Questions at the end of the chapter
1. What is not a synonym for the internal environment?
o Control environment
o Governance and culture
o Tone at the top
2. A risk culture is defined by:
o All stakeholders
o Management
o The CEO
3
, Chapter 2: Strategy & Objective-setting
Every entity has a strategy for bringing its mission to fruition and to drive value.
ERM: The culture, capabilities and practices, integrated with strategy-setting and its execution,
that organizations rely on to manage risk in creating, preserving and realizing value.
Business objectives provide the link to practices within the entity to support the achievement
of the strategy.
2.1 Strategy and Risk appetite
Strategy should be consistent with risk appetite
Risk-return tradeoff (do we want less risk or more return?)
Rarely linear or one-to-one
Risk appetite: the types and amount of risk, on a broad level, an organization is willing
to accept in pursuit of value. (=its mission)
Chosen by management (endorsed/confirmed by board of directors)
May change over time (in line with risk capacity)
Risk capacity = maximum amount of risk an entity is able to absorb
Risk tolerance: Acceptable level of variation (in performance) relative to the
achievement of objectives.
Needs to be aligned with risk appetite
Achievement of objectives
The risk pyramid
2.2 Objective setting
Objectives: what an entity desires to achieve.
Strategic objectives
Related objectives (operating, reporting, compliance)
Objectives must exist before management can identify potential events affecting their
achievement!
Aligned with the entity’s mission
Aligned with the entity’s risk appetite
4
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
√ Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, Bancontact of creditcard voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper raniboons. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €8,49. Je zit daarna nergens aan vast.
