Risk Management And Internal Control In The Changing Econmic Landscape

1,571 views

Published on

The changing business landscape requires more emphasis on enterprise risk management

Published in: Business, Economy & Finance
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,571
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
122
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Risk Management And Internal Control In The Changing Econmic Landscape

  1. 1. RISK MANAGEMENT AND INTERNAL CONTROL IN CHANGING ECONOMIC LANDSCAPE<br />Nik Mohd Hasyudeen Yusoff<br />Finance Function Excellence<br />12 October 2009<br />Competitiveness Through Innovation and Strategy<br />
  2. 2. Agenda<br />Attaining business sustainability through risk management<br />Changing business landscape and risk profile<br />Linking risks to internal control<br />Good governance factor in risk management<br />Mindset and culture in strengthening risk management<br />
  3. 3. Attaining business sustainability through risk management<br /><ul><li>A business:
  4. 4. Needs to serve customers
  5. 5. Needs to compete
  6. 6. Operates in business environment that keeps on changing
  7. 7. Is affected by global developments
  8. 8. Has stakeholders beyond shareholders
  9. 9. Generates profit through risk taking (uncertainty)</li></li></ul><li>Attaining business sustainability through risk management<br />Value Creation Facets of BHP Billiton<br />Value creation is multi-facet and could be viewed from internal dimension as well as external dimension<br />Balancing the value proposition to shareholders and stakeholders would be key to business sustainability<br />
  10. 10. Attaining business sustainability through risk management<br />Inovastra’s view of value creation<br />Leadership<br />Strategy<br />Values<br />Value proposition<br />Internal resources<br />Value creation<br />Customers<br />People<br />Processes<br />Functionality<br />Platform<br />Intellectual assets<br />Feelings<br />Physical resources<br />Financials<br />Protocol<br />External network<br />Business partners<br />Institutional partners<br />
  11. 11. Attaining business sustainability through risk management<br />Enterprise risk management encompasses:<br />Aligning risk appetite and strategy<br />Enhancing risk response decisions<br />Reducing operational surprises and losses<br />Identifying and managing multiple and cross-enterprise risks<br />Seizing opportunities<br />Improving deployment of capital<br />
  12. 12. Attaining business sustainability through risk management<br />In ensuring business sustainability, the appreciation of risks and mitigation of risks at the strategic level is very important<br />Key strategic risks are:<br />Demand risk<br />Competitive risk<br />Capability risk<br />
  13. 13. The business landscape should not only be view from a single dimension such as between a business and its customers only<br />The drivers that change the landscape and the effect on all players should also be understood<br />Changing business landscape and risk profile<br />
  14. 14. Politics<br />Your<br />Competitors<br />Your<br />Competitors<br />Economy<br />Your<br />Customers<br />Your<br />Customers<br />Your<br />Customers<br />Society<br />Technology<br />Your<br />Business<br />Your<br />Suppliers<br />Your<br />Network<br />Partners<br />Environment<br />Changing business landscape and risk profile<br />
  15. 15. Politics drive government policies which would affect the economy and business climate<br />Global and regional political developments add to the complications of local politics<br />How far would the G-20 initiatives would affect you?<br />Changing business landscape and risk profile<br />
  16. 16. The inter-linkages between economies could not be denied anymore and any changes in other places would affect the local economic conditions<br />The globalisation and regionalisation of business require businesses be involved in more than one economic regions<br />Do you think the AEC 2015 will affect you industry and your business?<br />Changing business landscape and risk profile<br />
  17. 17. Rights<br />Health<br />Education<br />Security<br />Distribution of wealth<br />New lifestyles<br />Demography<br />Which one of these elements would affect you business most?<br />Changing business landscape and risk profile<br />
  18. 18. Technology has been one of the factors that levels economies and markets<br />Enables new business<br />Destroy existing business<br />Allows different ways of running businesses<br />Would Web 2.0 makes your business model obsolete?<br />Changing business landscape and risk profile<br />
  19. 19. The Green Economy would be more visible in the years to come<br />Rules and regulation, domestically and in the market you serve, would require businesses to assess the business models<br />Is your business already affected by environmental issues?<br />Changing business landscape and risk profile<br />
  20. 20. Don’t be caught like a frog in the boiling pot!<br />Changing business landscape and risk profile<br />
  21. 21. Changing business landscape and risk profile<br />Some turbulence could be detectable some are not<br />Spurts of prosperity<br />Chaotic <br />Continuum<br />Spurts of downturn<br />Adapted from The Chaotics Model – Kotler and Caslione <br />
  22. 22. Changing business landscape and risk profile<br />Turbulence is the unpredictable and swift changes in an organisational internal or external environment that affects its performance<br />A business arrives at a strategic inflection point when its old strategy no longer works and must be replaced by new one if it want to ascend to new heights<br />Strategic Inflection Point<br />Level<br />Of<br />Chaos<br />Time<br />
  23. 23. Linking risks to internal control<br />Internal control is broadly defined as a process, effected by an entity&apos;s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:<br />Effectiveness and efficiency of operations.<br />Reliability of financial reporting.<br />Compliance with applicable laws and regulations.<br />
  24. 24. Linking risks to internal control<br />Policies and procedures to ensure management directives are carried out effectively<br />Approvals and authorisations<br />Verification and reconciliation<br />Review of operations<br />Security of assets<br />Segregation of duties<br />To bring down the risks to the level within the<br />risk appetite set by the Board<br />
  25. 25. Giving up the illusion that you could predict the future is a very liberating moment. All you can do is to give yourself the capacity to respond to the only certainty of life – which is uncertainty. The creation of that capability is strategy.<br />Lord John Browne, Group Chief Executive of BP<br />Changing business landscape and risk profile<br />
  26. 26. Linking risks to internal control<br />Understanding and responding to changes is not really rocket science, however a lot of organisation fail to put in place a framework to understand and responding to changes<br />
  27. 27. Linking risks to internal control<br />
  28. 28. Greed!<br />Unmitigated excessive risk taking<br />Independent directors turn dependent<br />Executive incentives linked to short-term performance<br />Auditors putting business interests above professional values<br />Good governance factor in risk management<br />
  29. 29. The global financial crisis had surfaced governance lapses at various levels<br />As key outcome of good governance is business sustainability, the roles played by the board and management are critical<br />Strategy setting and risk appetite<br />Risks assessment and mitigation<br />Getting risk management functioning across organisation and across formal and informal structures<br />Good governance factor in risk management<br />
  30. 30. A recent research by Northern Carolina State University discovered that:<br />Over 60% of respondents believe that the volume and complexity of risks have changed “Extensively” or “A Great Deal” in the last five years <br />Just over a third of respondents (36%) note that they were caught off guard by an operational surprise “Extensively” or “A Great Deal” in the last five years <br />Good governance factor in risk management<br />
  31. 31. Good governance factor in risk management<br />44% of respondents have no enterprise-wide risk management process in place and have no plans to implement one. An additional 18% without ERM processes in place indicate that they are currently investigating the concept, but have made no decisions about implementing ERM <br />Forty-three percent do not have their business functions establishing or updating assessments of risk exposures on any formal basis. Over 75% indicate that key risks are being communicated merely on an ad hoc basis at management meetings <br />
  32. 32. For those audit committees formally monitoring risks for the board, 19% only monitor financial risks, 63% monitor operational and compliance risks in addition to financial risks. Only 18% monitor all entity risks, including strategic risks <br />Despite strong interest in improving senior executive leadership in risk oversight, very few organizations (18%) have created a chief risk officer (CRO) position to lead and coordinate the organization’s risk oversight processes <br />Good governance factor in risk management<br />
  33. 33. <ul><li>Standards and Poor progress report of adoption of ERM in its rated companies:</li></ul>there have been few instances of a firm’s ability to articulate a risk tolerance or risk appetite that has been defined for the organization<br />firms’ focus on managing downside risks with little, if any, attention paid to the opportunities<br />that most risk management activities remain “silo-based” and at the operational managers’ level<br />Good governance factor in risk management<br />
  34. 34. Would reporting failure occur again?<br />Is there another way of guiding people to perform?<br />MIA published a monograph on human governance which focuses on the inside-out approach instead of parameter-driven rule-based governance<br />Spiritual aspect is recognised<br />
  35. 35. Mindset and culture in strengthening risk management<br />Tone from the boardroom<br />Indicate board’s priority<br />Adequate oversight over management implementation of risk management and internal control<br />Linking compensation packages to risk management<br />Would encourage the right culture and mindset<br />Balance between business sustainability and short term performance expectations<br />
  36. 36. Moving Forward Thoughts<br />Taking risk in natural in attaining corporate objectives<br />Given the dynamic environment, risks profile changes and corresponding response is necessary<br />Risk management goes beyond ticking the box and need to be embrace holistically<br />An inside-out approach would encourage the “doing the right thing” culture <br />

×