Strategic Risk Management in the Face of Uncertainty and Unexpected Risks

  • 1,291 views
Uploaded on

IFAC Senior Technical Manager Vincent Tophoff presentation during the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses …

IFAC Senior Technical Manager Vincent Tophoff presentation during the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses current trends and thinking in risk management and best practices.

More in: Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,291
On Slideshare
0
From Embeds
0
Number of Embeds
4

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Strategic Risk Management inthe Face of Uncertainty andUnexpected RisksVincent Tophoff, InternationalFederation of Accountants (IFAC)ICAP CFO ConferenceKarachi, PakistanMarch 12, 2013 Page 1 | Confidential and Proprietary Information
  • 2. ICAP CFO Conference 2013Overview• IFAC and its PAIB Committee• Current thinking in risk management• Bad practice vs. good practice in risk management• Role of CFO / PAIB in risk management• Useful standard and guidelines• IFAC’s work on risk management and internal control Page 2 | Confidential and Proprietary Information
  • 3. ICAP CFO Conference 2013The International Federation of Accountants (IFAC)• The global organization of the accountancy profession• 173 member bodies and associates in 129 countries• 2.5 million professional accountants in public practice, commerce, industry, financial services, the public sector, education, and the not-for-profit sector• Public interest focused More than half are in this box. We call them PAIBs and IFAC’s PAIB Committee exists to support them Page 3 | Confidential and Proprietary Information
  • 4. ICAP CFO Conference 2013What IFAC Does• Establish and promote adherence to high quality professional standards• Further adoption and implementation of standards• Support the global development of the accountancy profession• Provides a global voice and promotes the value of professional accountants worldwide• Supports professional accountants in business / CFOs and small and medium practices Page 4 | Confidential and Proprietary Information
  • 5. ICAP CFO Conference 2013IFAC’s PAIB Committee >Topic Areas of Importance• Governance and ethics• Risk management and internal control• Sustainability and corporate responsibility• Financial and performance management• Business reporting• Promoting and contributing to the value of PAIBs/CFOs All areas of critical importance to professional accountants in business and CFOs Page 5 | Confidential and Proprietary Information
  • 6. ICAP CFO Conference 2013Global Crisis, Caused by:• Ethical flaws• Governance, risk & control in name but not in spirit• Regulatory overload, leading to legalistic compliance• Risk & control systems too narrowly focused on only financial reporting controlsConclusions:• Appropriate application of risk management and internal control standards and principles is often the problem• Organizations should take a broader approach in risk management and internal control. Page 6 | Confidential and Proprietary Information
  • 7. ICAP CFO Conference 2013Current thinking about risk (1)• The safest place for a ship…• … is to stay in the harbor• But that’s not where ships are made for… Page 7 | Confidential and Proprietary Information
  • 8. ICAP CFO Conference 2013Current thinking about risk (2)• Instead, ship are used to transport people and goods to other destinations• And that involves riskSo, what is risk?• Risk is nowadays defined as ―the effect of uncertainty on (achieving) the organization’s objectives‖ (ISO 31000)• No objectives => no risk. Therefore, risk should always be assessed in light of the organization’s objectives Page 8 | Confidential and Proprietary Information
  • 9. ICAP CFO Conference 2013Current thinking about risk management (1)• Q: “How does your organization address uncertainty in achieving its strategic objectives?”• A: ―Through our strategic management system;‖ – Line management engaged in plan-do-check-act cycle – Focused on achieving the organization’s objectives• Q: “How does your organization address risk?”• A: ―Through our risk management system;‖ – (separate) risk and control system, staff functionaries, risk register – Focused on mitigating risk Page 9 | Confidential and Proprietary Information
  • 10. ICAP CFO Conference 2013Current thinking about risk management (2)What does this example tell us?• That we, CFOs / PAIBs, have made great progress in the area of risk management and internal control…• …But that we, in the process, lost the other people in our organization! Risk Management Rest of the Organization Page 10 | Confidential and Proprietary Information
  • 11. ICAP CFO Conference 2013Current thinking about risk management (3)Biggest risk facing anorganization: Disconnectbetween those responsible forachieving strategic objectivesvs. those responsible formanaging riskSolution: making thoseresponsible for achievingstrategic objectives alsoresponsible for managingrelated risks! Page 11 | Confidential and Proprietary Information
  • 12. ICAP CFO Conference 2013Current thinking about risk management (4)• Line management is accountable for (achieving) the organization’s objectives,• This also includes responsibility for managing the effects of risk on those objectivesKey objective for CFOs / PAIBs in this regard:• Ensure that risk management and internal control are fully integrated in the line management of an organization! Page 12 | Confidential and Proprietary Information
  • 13. ICAP CFO Conference 2013Bad Practice vs. Good Practice in Risk ManagementOverwhelming load of bad practice • RM/IC as objective in itself vs. RM/IC to achieve objectives • Auditor / staff driven vs. Board and management driven • Rules-based vs. Principles-based • Of the shelf systems vs. Tailor made • Focused on threats only vs. Also focused on opportunities • Mainly hard controls vs. Social / human aspects • Artificially implemented vs. Organically implemented • Stand alone / ―bolt-on‖ vs. Integrated / ‖built-in‖ • Static, out-of-date vs. Dynamic, evolving • Creates costs vs. Creates results / value • Abandoned vs. Supported Page 13 | Confidential and Proprietary Information
  • 14. ICAP CFO Conference 2013Bad Practice vs. Good Practice in Risk Management (2) or Hindering the Enabling the organization organization• Good risk management & internal control: invisible hand Page 14 | Confidential and Proprietary Information
  • 15. ICAP CFO Conference 2013Role of the PAIB / CFO in Risk Management (1)PAIB / CFO plays many important roles in implementinggood risk management in organizations:A. Championing the importance of good risk managementB. Supporting line management through the provision of high-quality informationC. Establishing risk management for the finance function Page 15 | Confidential and Proprietary Information
  • 16. ICAP CFO Conference 2013Role of the PAIB / CFO in Risk Management (2)A. Championing the importance of good risk management• CFOs and many PAIBs are in leadership positions• Attitude and behavior of the CFO / PAIB sets tone for good risk management and internal control in the organization• Integrating risk management and internal control into the line management of an organization!• Most important element: making risk management part of every decision making process in the organization (SWOT) Page 16 | Confidential and Proprietary Information
  • 17. ICAP CFO Conference 2013Role of the PAIB / CFO in Risk Management (3)B. Supporting line management through the provision ofhigh-quality information• Decisions should not be taken without explicit understanding of the related risks and their potential consequences for achieving an organization’s objectives• Therefore, decision makers require relevant and reliable information for their decision making and control processes• CFO / PAIB responsible for provision of high-quality information produced through the finance & control system Page 17 | Confidential and Proprietary Information
  • 18. ICAP CFO Conference 2013Role of the PAIB / CFO in Risk Management (4)C. Establishing risk management for the finance function• CFOs / PAIBs usually are specifically accountable for finance and control• Therefore, CFOs / PAIBs should make risk management part of every decision related to achieving the organization’s finance objectives• CFOs / PAIBs usually also involved in analyzing of and reporting on the organization’s (risk management and internal control) achievements Page 18 | Confidential and Proprietary Information
  • 19. ICAP CFO Conference 2013ICAP and IFAC Supporting the PAIB / CFOTogether, ICAP and IFAC’s PAIB Committee supportPAIBs / CFOs through:• Collaborating with regulators and standard setters in area of governance, risk management, and internal control• Developing additional guidance for PAIBs / CFOs• Bringing together resources for PAIBs / CFOs• Levering knowledge for PAIBs / CFOs through various channels, such as this CFO conference Page 19 | Confidential and Proprietary Information
  • 20. ICAP CFO Conference 2013IFAC Collaboration with COSO• Committee of Sponsoring Organizations of the Treadway Commission (COSO)• Providing thought leadership through the development of frameworks and guidance on risk management and internal control• Revised Framework expected in April 2013 and available at www.coso.org Page 20 | Confidential and Proprietary Information
  • 21. ICAP CFO Conference 2013COSO Framework Page 21 | Confidential and Proprietary Information
  • 22. ICAP CFO Conference 2013IFAC Collaboration with ISO 31000• International Standards Organization (ISO) developed the standard ISO 31000:2009 Risk Management• Can be used by any public, private or community enterprise, association, group, or individual• Can be applied to any type of risk, whatever its nature, whether having positive or negative consequences Page 22 | Confidential and Proprietary Information
  • 23. ICAP CFO Conference 2013ISO 31000 Risk Management Principles• Creates value• Integral part of organizational processes• Part of decision making• Explicitly addresses uncertainty• Systematic, structured and timely• Based on the best available information• Tailored• Takes human and cultural factors into account• Transparent and inclusive• Dynamic, iterative and responsive to change• Facilitates continuous improvement Page 23 | Confidential and Proprietary Information
  • 24. ICAP CFO Conference 2013ISO 31000 Risk Management Framework Mandate and Commitment Design of Framework Continual Improvement Implementing Risk of Framework Management Monitoring and review of Framework Page 24 | Confidential and Proprietary Information
  • 25. ICAP CFO Conference 2013ISO 31000 Risk Management Process Establishing the Context Communication and Consultation Risk Assessment Monitoring and Review Risk Identification Risk Analysis To be applied in every decision Risk Evaluation making process and subsequent Risk Treatment execution! Page 25 | Confidential and Proprietary Information
  • 26. ICAP CFO Conference 2013IFAC Risk Management & Internal Control > Publications• Evaluating and Improving Governance in Organizations• Evaluating and Improving Internal Control in Organizations• Integrating Governance in for Sustainable Success• All IFAC Publications free-of-charge at www.ifac.org Page 26 | Confidential and Proprietary Information
  • 27. ICAP CFO Conference 2013Evaluating and Improving Internal Control in Organizations• Highlighting areas where practical application of internal control standards often fails in many organizations• Designed to establish a benchmark for good practice in maintaining effective internal control in response to risk• For all types of organizations, as all organizations—whether private or public—should have appropriate internal control Page 27 | Confidential and Proprietary Information
  • 28. ICAP CFO Conference 2013Guidance Principles > Good Internal Control Should:• Support the organization’s objectives• Define clear roles and responsibilities• Foster a motivational culture• Link to individual performance• Ensure sufficient competency• Respond to risk• Be communicated regularly• Be monitored and evaluated regularly• Provide for accountability and transparency Page 28 | Confidential and Proprietary Information
  • 29. ICAP CFO Conference 2013Next steps > Guidance in integration of risk & control• Risk management and internal control are a means to an end: making sound (SWOT) decisions to achieve the organization’s objectives without surprises!• Principles on how CFOs / PAIBs can support their organization integrating risk management and internal control into the organization’s overall governance and management system Page 29 | Confidential and Proprietary Information
  • 30. ICAP CFO Conference 2013Conclusions (1)• Risk is the effect of uncertainty on (achieving) the organization’s objectives• Strategic (risk) management is primarily about achieving the organization’s objectives, while addressing risk• Many flaws in current risk management practice• PAIBs / CFOs support strategic (risk) management in their organizations in various ways• ICAP and IFAC support PAIBs / CFOs• However, no matter the guidance provided… Page 30 | Confidential and Proprietary Information
  • 31. ICAP CFO Conference 2013Conclusions (2)• …There will always be some who do it their own way! Page 31 | Confidential and Proprietary Information
  • 32. ICAP CFO Conference 2013Strategic Risk Management in the Face of Uncertaintyand Unexpected RisksQuestions?• Many thanks for your interest• Happy to answer your questions Page 32 | Confidential and Proprietary Information
  • 33. • For further information please contact:• Vincent Tophoff at vincenttophoff@ifac.org• Visit www.ifac.org Page 33 | Confidential and Proprietary Information