Audit, Audit Committee & Risk Management
- Manoj Agarwal at Institute of Company Secretaries of India




Agenda
    •   What is Risk
    •   Risk Management
    •   Classification of Risks
    •   What is Audit
    •   Audit Committee Role
    •   Expectation from Risk Management




2   5-Mar-2011   © ANB Consulting CO. Pvt. Ltd.   T
What is Risk?
    Risk, in traditional terms, is viewed as a “negative”.
    The Chinese give a much better description of risk
     • The first is the symbol for “danger”, while
     • the second is the symbol for “opportunity”,
        making risk a mix of danger and opportunity.




     “Risk – let’s get this straight up front – is good. The
      point of Risk management is not to eliminate it; that
      would eliminate reward. The point is to manage it –
      that is, choose to place bets, where to hedge bets,
      and where to avoid betting together.” - Thomas A.
      Stewart


Risk & Risk Management

    In economic terms, profit is the reward for entrepreneurship or “Risk
    Taking”



    As lay investors, we base our investment planning on risk
    perception – bank deposits, life insurance, debentures and GoI
    bonds, mutual funds, shares, private equity…



    Risk management is an attempt to identify, measure and
    monitor risks – so as to manage uncertainty.




Risk Management

    1    Understand the nature and extent of risks facing the company

    2 Understand the extent and categories of risks which it regards as
      acceptable for a company to bear

    3 Understand the likelihood of risks concerned materializing


    4 Company’s ability to reduce the incidence and impact on
      business of risks that do materialize


    5 Costs of operating particular controls relative to benefits




Classification of Risks
    Strategic
    •  A strategic risk is a risk that a company is exposed to when
       pursuing its business objectives, or likely loss arising from a
       poor strategic business decision. e.g. Too much dependence
       on one line of business; or a failed acquisition

    Operational
    • Operational risk is the risk of loss resulting from inadequate or
      failed internal processes, people and systems, or from external
      events. e.g. Frauds in Banking; Risk of poor planning e.g.
      Funds constraint

    Compliance
    • Risks a company is exposed to because of a breach of law /
      regulatory requirement. e.g. Non-compliance in a foreign
      country due to ignorance.

The Need for Risk Management

    • Complex, ever changing macro environment

    • Sustainable, profitable growth to meet stakeholder expectation

    • Trend towards greater transparency & enhanced levels of
      corporate governance


     # Move from survival to competitive advantage




Eight Components of COSO ERM Model

    ERM Process

    • Objective Setting
      Strategic Objectives – Related Objectives – Selected Objectives – Risk Appetite – Risk Tolerance

    • Event Identification
      Events – Factors Influencing Strategy and Objectives – Methodologies and Techniques –
      Event Interdependencies – Event Categories – Risks and Opportunities

    • Risk Assessment
      Inherent and Residual Risk – Likelihood and Impact – Methodologies and Techniques – Correlation

    • Risk Response
      Identify Risk Responses – Evaluate Possible Risk Responses – Select Responses – Portfolio View

    • Control Activities
      Integration with Risk Response – Types of Control Activities – General Controls –
      Application Controls – Entity Specific

    • Information & Communication
      Information – Strategic and Integrated Systems – Communication

    • Monitoring
      Separate Evaluations – Ongoing Evaluations


Top 10 Risks – EY 2010 Business Risk Report
     Rank      Risk
     1         Regulation and compliance
     2         Access to credit
     3         Slow recovery or double-dip recession
     4         Managing talent
     5         Emerging markets
     6         Cost cutting
     7         Non-traditional entrants
     8         Radical greening
     9         Social acceptance risk and corporate social responsibility
     10        Executing alliances and transactions




Board Disclosures – Risk management (Clause 49)
     1. It shall put in place procedures to inform Board members about the
        risk assessment and minimization procedures. These procedures
        shall be periodically reviewed to ensure that executive management
        controls risk through means of a properly defined framework.
     2. Management shall place a report certified by the compliance officer
        of the company, before the entire Board of Directors every quarter
        documenting the business risks faced by the company, measures to
        address and minimize such risks, and any limitations to the risk
        taking capacity of the corporation. This document shall be formally
        approved by the Board.




What is Audit
     The general definition of an audit is an evaluation of a person,
     organization, system, process, enterprise, project or product. The
     term most commonly refers to audits in accounting, but similar concepts
     also exist in project management, quality management, and energy
     conservation

     (source Wikipedia)

     Audits are performed to ascertain the validity and reliability of
     information; also to provide an assessment of a system's internal
     control. The goal of an audit is to express an opinion on the person /
     organization / system (etc.) in question, under evaluation based on work
     done on a test basis.




Audit Committee
     1. Company to constitute an audit committee with terms of reference
     2. At least three members- two thirds independent
     3. Chairman to be independent- must attend every AGM to answer
        shareholder queries
     4. All members financially literate & at least 1 member to be
        accounting or related financial management expert
     5. May meet with or without executives – generally CFO & CEO are
        invited
     6. Must meet at least 4 times a year - quorum = greater of 2 members
        or 2/3rd and at least 2 independent




Audit Committee’s role – Clause 49
     1. Oversee financial reporting process
     2. Recommend to the Board the hiring and firing of statutory auditors and
        confirming their remuneration
     3. Review the adequacy of internal control system
     4. Reviewing the adequacy of structures, staffing and examining the scope
        of internal audit department
     5. Discussing significant findings and follow ups with internal auditors
     6. Review of financial and risk management policies
     7. To review working of whistle blower mechanisms
     8. Other functions specified in terms of reference




Review of information by Audit Committee
     The Audit Committee shall mandatorily review the following information:
     1. Financial statements and draft audit report, including quarterly / half-
        yearly financial information;
     2. Management discussion and analysis of financial condition and
        results of operations;
     3. Reports relating to compliance with laws and to risk management;
     4. Management letters / letters of internal control weaknesses issued
        by statutory / internal auditors; and
     5. Records of related party transactions
     6. The appointment, removal and terms of remuneration of the Chief
        internal auditor shall be subject to review by the Audit Committee




Expectation from Risk Management
     • Avoidance of Surprises
     • Effective evaluation of cost of control
     • Protection of the Reputation
     • Proper allocations of resources
     • Higher probability of meeting targets
     • More informed decision making
     • Recognizing opportunities and focusing on areas for
       improvement
     ….Leading to competitive advantage




Risk awareness…




      CAN’T MANAGE WHAT YOU DON’T SEE!


No Risk



                          No Gain!

Thank You
                                                   Manoj.Agarwal@anbglobal.com




Management Discussion and Analysis report
     This Management Discussion & Analysis should include discussion on
     the following matters within the limits set by the company’s competitive
     position:
     1. Industry structure and developments.
     2. Opportunities and Threats.
     3. Segment-wise or product-wise performance.
     4. Outlook.
     5. Risks and concerns.
     6. Internal control systems and their adequacy.
     7. Discussion on financial performance with respect to operational
        performance.
     8. Material developments in Human Resources / Industrial Relations
        front, including number of people employed.




Training of Board Members
     Company shall train its Board members in the business model of the
     company as well as the risk profile of the business parameters of the
     company, their responsibilities as directors, and the best ways to
     discharge them.
     (Non Mandatory Requirement Clause 49)








Audit Committee reporting


     Audit Committee Heat Map

     Area (Risk 1, Risk 2, Risk 3, …)    Inherent risk    Control risk    Overall risk
     Area 1                              Med              High            Med - high
     Area 2                              Low              Med             Med - low
     Area 3                              High             Low             Med - high
     Area 4                              High             High            High

     - Provide internal audit view of risks
     - Provide underlying basis of ratings
     - Ratings drive the frequency of audits

     Explained above is a generic model – sophisticated
     scoring techniques could be used to arrive at ratings



