Monitoring_EN.ppt (313,00 KB)

356 views

Published on

Published in: Business, Economy & Finance
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
356
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
10
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Continuous monitoring here means that management and other staff, according to each and everyone’s authority and responsibility, assess the functioning of the various components of the internal control process over time. This can be done by different monitoring activities or separate evaluations or a combination of both. On-going monitoring occurs in the normal process of management activities. This means, of course, that on-going monitoring activities can be different in different organisations, depending on the needs and requirements of the organisation. On-going monitoring should be integrated with the daily operations of an organisation, for example: management follows up on the financial reports for the latest quarter and pays special attention to unexpected results compared to the anticipated ones in budgets or forecasts and then management analyses how and why the difference has occurred. Also internal and external auditors and other advisors can give recommendations to management and other staff on how to improve the internal control and how to strengthen the risk management. Evaluations are performed when necessary, depending on the assessments made of risks during the course of on-going monitoring. Evaluations can be conducted in many different ways, for example through self-assessments or by independent evaluations performed by another external party such as a consultancy firm. If the on-going monitoring is proved to be effective then there is a lesser need of separate evaluations. The need of evaluations and the frequency of evaluations of the effectiveness of enterprise risk management is a matter of judgement of management. The important message her is to make certain that the findings of on-going monitoring or evaluations be addressed by management and then taken into consideration in the future operations. Reporting of deficiencies in the internal control system is important to all levels in the organisation, while serious deficiencies are reported to the top-level management and/or board of directors.
  • COSO is an American organisation containing companies from the American Accounting Association, American Institute of Certified Public Accountants, the Institute of Management Accountants, the Institute of Internal Auditors, who have made joint efforts to help business organisations to assess and improve their internal control systems. There is also an advisory group to the Committee that contains various companies and other organisations, e.g. Universities. And the large international auditing firm PWC also contributes. The Committee was formed as a response to a need of an improved internal control in the business and financial sectors of society after various bank crises and scandals in large corporations from the 1980’s onwards. In recent years there has been an increased focus on the importance of risk management whereby the first version of COSO internal control framework was further enhanced and developed for management to use to evaluate and improve their organisations enterprise risk management. The word enterprise can refer to both business and simply operations whereby it can also be used in the public administration sector. COSO contains 8 main components according to the latest and updated version from 2004.
  • I will go through each of the following components in the following briefly with some examples. For some of you it may be a first introduction to the idea of COSO Enterprise Risk Management, while for some of you it may be repetition. Of course me and my team of experts will return later this autumn to hold a series of seminars on FMC and COSO where we will have the opportunity to go more deeply into details and give more examples. Also I think its important to regard the components as interrelated with each other and as a part of an on-going and iterative process for internal control – an area we will get back to later on.
  • I think that it’s more beneficial to regard the internal control process as a circle instead of the classic cube that is presented in the COSO books and reading material.
  • Financial Management and Control with respects to Good Governance can be summarised briefly: Proper management of an organisation The type of leadership, that is strong or weak, can determine whether an organisation has effective operations or not The set of values and ethics and morals that influence the management and other staff in an organisation What sort of strategy management has on how to plan operations and run operation of the organisation The risk management and risk analysis that has been prepared for the organisation How management and other staff monitor and measure the performances and achievements in the organisation How management evaluates the results and performances of staff and personnel and also how compensations in the form of wages and salaries are set to reflect these performances and results. How management plans to recruit new competent staff for the future but also to replace staff. How communication and disclosure of information to interested parties and stakeholders is done by management The transparency of operations. This brief list of different features of whether an organisation can be said to have Good Governance or not are also reflected in the following where I present the different components of COSO.
  • The definition is based on COSO. There are some fundamental principles here: Internal control needs to be seen as an on-going process It is effected by people, not an IT-system, nor policies, manuals or guidelines Internal control can provide reasonable assurance, not 100% guarantee to the top-management Internal control focuses on achieving the organisation’s objectives. So the definition of internal control forms the basis for FMC and also for the continued presentation of internal control in the light of Enterprise Risk Management.
  • Enterprise risk management deals with the risks and opportunities to create or preserve value. The definition is fairly long and although it is based on COSO, I have chosen here to use “the acceptable level of risk” instead of “risk appetite”, and also “objective setting” instead of “strategy setting”. The definition needs to be seen as a developed part of the previous definition of internal control, and both go hand-in hand. Here, of course, focus is on risk management. The fundamental principles here to regard are: ERM is a process and effected by the people in the organisation – why a process? Because ERM is a dynamic, not static, set of actions that continuously interact with each other. ERM is applied in setting objectives for the planned operations ERM needs to be applied at all levels in an organisation so that there is a proper identification and inventory of risks It also provides reasonable assurance to the top-management in an organisation, not 100% certainty.
  • This is one of our favourite diagrams in the unit, and we use it in many contexts. It can be a good way of summarising part of what I have said up to now. An authority receives resources (allocation/grant) that are used in an internal process which creates an end performance (here, merely designated performance). We can measure the quantity of the performance and also its quality. For example, how many cases have been handled, how long they took and whether they have turned out correctly, etc. The effects of authorities’ performances is, as I have said earlier, more difficult to measure because it is difficult to exclude all the other things that have an influence. When we put performance in relation to input resources, we usually talk about productivity which shows whether the authority has produced in a good (cost efficient way). There is a requirement for many authorities to give an account of productivity developments, and this is not always as easy as one might think. If we instead look at the effects in relation to resources, we obtain the efficiency which can be said to be whether the authority is doing the right things.
  • This is one of our favourite diagrams in the unit, and we use it in many contexts. It can be a good way of summarising part of what I have said up to now. An authority receives resources (allocation/grant) that are used in an internal process which creates an end performance (here, merely designated performance). We can measure the quantity of the performance and also its quality. For example, how many cases have been handled, how long they took and whether they have turned out correctly, etc. The effects of authorities’ performances is, as I have said earlier, more difficult to measure because it is difficult to exclude all the other things that have an influence. When we put performance in relation to input resources, we usually talk about productivity which shows whether the authority has produced in a good (cost efficient way). There is a requirement for many authorities to give an account of productivity developments, and this is not always as easy as one might think. If we instead look at the effects in relation to resources, we obtain the efficiency which can be said to be whether the authority is doing the right things.
  • Monitoring_EN.ppt (313,00 KB)

    1. 1. Monitoring One of eight main components in Enterprise Risk Management (ERM) & A central part of Performance Management Presentation held by Nils Eklund PhD, Expert In Performance Management
    2. 2. Monitoring, opening session <ul><li>Introduction to Monitoring – ongoing activities and specific evaluation. </li></ul><ul><li>Summing up – links to Concept of three E:s, COSO, Performance Management </li></ul>
    3. 3. Monitoring <ul><li>The process of internal control and enterprise risk management is continuously monitored by management and other staff </li></ul><ul><li>On-going monitoring </li></ul><ul><li>Evaluations </li></ul><ul><li>Reporting of serious deficiencies to top-level management or board of directors </li></ul>
    4. 4. Context of monitoring: COSO <ul><li>COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission, formed in early 1990’s </li></ul><ul><li>COSO has become an international framework for management and auditors to follow in both private and public sector </li></ul><ul><li>Comprises eight main components in the latest updated version of Enterprise Risk Management (ERM) from 2004 </li></ul>
    5. 5. COSO – Enterprise Risk Management (ERM) <ul><li>Comprises 8 components: </li></ul><ul><ul><li>Internal Environment </li></ul></ul><ul><ul><li>Objective Setting </li></ul></ul><ul><ul><li>Event Identification </li></ul></ul><ul><ul><li>Risk Assessment </li></ul></ul><ul><ul><li>Risk Response </li></ul></ul><ul><ul><li>Control Activities </li></ul></ul><ul><ul><li>Information and Communication </li></ul></ul><ul><ul><li>Monitoring </li></ul></ul>
    6. 6. COSO components as a process
    7. 7. Monitoring – specification <ul><li>Keyword: deficiencies </li></ul><ul><li>Searching for </li></ul><ul><li>Focusing on </li></ul><ul><li>Identification of </li></ul><ul><li>Reporting of </li></ul><ul><li>Serious deficiencies, unexpected or unwanted performance and unforseen effects </li></ul>
    8. 8. Monitoring vs. Control Activities <ul><li>In Control You assure that what should be done according to rules or plan really is done. For example, approval of transactions or reconciliations of account balances. </li></ul><ul><li>With Monitoring You focus what is not done according to plan, systematize an learn for considering appropriate actions </li></ul>
    9. 9. Financial Management and Control (FMC) – features of Good Governance in brief <ul><ul><li>Factors of concern for monitoring </li></ul></ul><ul><ul><li>Proper management of organisations </li></ul></ul><ul><ul><li>Type of leadership </li></ul></ul><ul><ul><li>Set of values and ethics within organisation </li></ul></ul><ul><ul><li>Strategy and planning of operations </li></ul></ul><ul><ul><li>Risk management and risk analysis </li></ul></ul><ul><ul><li>Measuring and monitoring performance of organisation </li></ul></ul><ul><ul><li>Management evaluation, compensation and succession planning of staff </li></ul></ul><ul><ul><li>Communications and disclosure of information to interested parties and stakeholders </li></ul></ul><ul><ul><li>Transparency of operations </li></ul></ul>
    10. 10. Definition of internal control: <ul><li>Internal control is a process , effected by an entity’s board of directors, management and other personnel, designed to provide a reasonable assurance regarding the achievement of the objectives in the following categories: </li></ul><ul><ul><li>Effectiveness and efficiency of operations </li></ul></ul><ul><ul><li>Reliability of financial reporting </li></ul></ul><ul><ul><li>Compliance with applicable laws and regulations. </li></ul></ul>
    11. 11. Definition of Enterprise Risk Management: <ul><li>Enterprise risk management is a process , </li></ul><ul><li>effected by an entity’s board of directors, management and other personnel, </li></ul><ul><li>applied in objective setting and across the organisation, </li></ul><ul><li>designed to identify potential events that may affect the entity, and </li></ul><ul><li>manage risk to be within the acceptable level of risk, to provide reasonable assurance regarding the achievement of entity objectives. </li></ul>
    12. 12. Monitoring and Performance mangement <ul><li>Resources </li></ul>Process Performance Effects An input-output model A process for adding and earning values – and reporting and securing
    13. 13. Concept of the three E:s <ul><li>Resources </li></ul>Process Performance Effects Economy Effectiveness Efficiency
    14. 14. Economy , Efficiency and Effectiveness 2:5 Definition Minimising the cost of resources for an activity, having regard to the appropriate quality. The relationship between the output in terms of goods, services or other results, and the resources used to produce them . Effects compared with goals and related to the resources used to achieve the goals. Concept Economy Efficiency Effectiveness
    15. 15. Performance management in action <ul><li>Goals are set for assignments to agencies </li></ul><ul><li>Assignments carr y through </li></ul><ul><li>Current information and reports on results </li></ul><ul><li>Results systematically valued with reference to goals </li></ul><ul><li>Analyse of results is used when goals for new assignments are set </li></ul><ul><li>Two steps in performance management </li></ul><ul><li>Operations </li></ul><ul><li>Monitoring </li></ul>
    16. 16. Three goals for performance management in Sweden <ul><li>Shape conditions for good control of the public treasury economy </li></ul><ul><li>High productivity and efficiency in operating with governmental resources efficiency </li></ul><ul><li>Allocation of resources based on political priorities effectiveness </li></ul>
    17. 17. Methods for performance management <ul><li>Shape pressure (energy) </li></ul><ul><li>Make the working solution real </li></ul><ul><li>In support, separate strength from weakness </li></ul><ul><li>Monitoring </li></ul>
    18. 18. The challenge for monitoring <ul><li>” Society is an puzzling animal with many faces and hidden forces” Vaclav Havel </li></ul>

    ×