The document discusses the role of chartered accountants in enterprise risk management. It begins with defining risk and the types of risks faced by organizations. It then explains what enterprise risk management is, its importance and benefits. It outlines the statutory requirements for ERM in India per the Companies Act and SEBI regulations. Finally, it details the various ways chartered accountants can facilitate the ERM process, such as conducting process audits, developing ERM frameworks, and assisting with implementation.
Chartered Accountant’s Role in an Enterprise Risk Management
By
CA. (Dr.) Rajkumar Adukia
Author of more than 300 books,
Business Growth and Motivational Coach,
Member IFRS SMEIG London 2018-2020
Ex director - SBI mutual fund, BOI mutual fund
Ph.D., LL.B., LL.M. (Constitution), FCA, FCS, MBA, MBF, FCMA, Dip. Criminology, Dip. in IFR (UK),
Justice (Harvard), CSR, Dip. IPR, Dip. in CG, Dip. Cyber, Dip. Data Privacy, B.Com., M.Com.,
Dip. LL & LW
Student of – MA (psychology), MA (Economics), IGNOU PGDCR, PGCAP etc
Chairman western region ICAI 1997, Council Member ICAI 1998-2016
Introduction:
Business and risk go hand in hand. Professionals such as chartered accountants, with expertise in
finance, management and audit, are well suited to forecasting, evaluating and mitigating the
prospective risks involved in any organization’s activities, and to seizing the opportunities that
take the growth of the business to the next level.
This article gives in-depth details of the role of the chartered accountant in Enterprise Risk
Management.
What is Risk?
Risk implies future uncertainty about deviation from an expected outcome or expected earnings.
Like it or not, risk is an inevitable part of any organization. Uncertainty presents both risk and
opportunity; it has the potential to erode or enhance the organization’s value. A risk is an event
that can prevent, hinder, fail to further or otherwise obstruct the enterprise in achieving its
objectives. A business risk is the threat that an event or action will adversely affect an
enterprise’s ability to maximize stakeholder value and to achieve its business objectives. Risk
can cause financial disadvantage, for example additional costs or loss of funds or assets. It can
result in damage, loss of value and/or loss of an opportunity to enhance the enterprise’s operations
or activities. Quantitatively, risk is the product of the probability that an event occurs and the
financial impact of that occurrence on the enterprise.
What are the Types of Risks?
Risk may be broadly classified into Strategic, Operational, Financial and Knowledge.
Strategic Risks are associated with the primary long-term purpose, objectives and direction of the
business.
Operational Risks are associated with the on-going, day-to-day operations of the enterprise.
Financial Risks are related specifically to the processes, techniques and instruments utilised to
manage the finances of the enterprise, as well as those processes involved in sustaining effective
financial relationships with customers and third parties.
Knowledge Risks are associated with the management and protection of knowledge and
information within the enterprise.
What is Enterprise risk management (ERM)?
Enterprise risk management helps an organization get to where it wants to go and avoid pitfalls and surprises along the way. In other words, enterprise risk management comprises the methods and processes an organization uses to manage risks and seize opportunities related to the achievement of its objectives. It is a structured, consistent and continuous process of assessing risk and developing strategies to manage it within the organization's risk appetite.
Enterprise risk management (ERM) is defined by COSO (Committee of Sponsoring
Organizations of the Treadway Commission) as a process designed to:
1. identify potential events that may affect the organization,
2. manage risk to be within the organization's risk appetite, and
3. provide reasonable assurance regarding the achievement of the organization's objectives.
The role of ERM cannot be overstated in a modern economy where every choice we make, whether in day-to-day affairs at the operational level or in fundamental trade-offs in the boardroom, carries an element of risk. Every decision may have multiple outcomes, and that is where risk creeps in. These risks must be considered in formulating an organization's strategy and business objectives, and enterprise risk management helps to optimize the outcomes. In an increasingly volatile, complex and ambiguous world the margin for error has shrunk, and stakeholders demand greater transparency and accountability for managing the impact of risk. Increasing volatility requires an enterprise to be more adaptive to change, particularly at Board level where the stakes are highest. The COVID-19 pandemic has further stressed the need for effective risk management to ensure business continuity. By identifying and proactively addressing risks and opportunities, enterprises can protect and create value for their stakeholders, including owners, employees, customers, regulators and society at large.
Role of Chartered Accountants in ERM
A Chartered Accountant can facilitate the ERM process in many ways, for example by:
• Conducting a process audit of the risk management processes
• Identifying, assessing and solving complex business problems, using in-depth data analysis and the evaluation of variable factors
• Leading medium-to-large teams or projects, delivering valuable insights and advice to clients on complex enterprise risk management projects across industries
• Helping clients develop their own strategies by designing and implementing business and technology changes
• Establishing a clear point of view for enterprise risk assessment, analysis and delivery of solutions
• Enhancing the Risk and Compliance practice by contributing to ERM thought leadership and innovative solutions
• Keeping abreast of developments in relevant regulatory guidance, technologies and innovations in ERM
• Preparing a comprehensive risk management framework for the enterprise
• Assisting in the successful implementation of ERM in the entity
Brief History of ERM
Management of risk as a concept is nothing new, even though its formal structure has evolved in recent times. Most successful kings of the past practised risk management in one form or another: building forts, maintaining secret chambers, or keeping additional forces and stores of grain for times of crisis. In India, evidence of risk management can be traced back to around 150 AD, when the famous economist and statesman Chanakya (Kautilya) devoted a chapter of the Arthashastra to risk management, titled 'Calamities of the Population'. According to him, 'A calamity of a constituent, of a divine or human origin, springs from ill luck or wrong policy'. In his fourth book, Kautilya classified vyasana (calamity) into two categories, daivam vyasana (natural disasters) and manusam vyasana (man-made disasters), and suggested ways to manage risk at both the individual and the national level. He clearly stressed that if someone dies on duty, his sons and wife should receive food and wages, and that their minor children, the old and the sick should be supported; the King should grant them money.
However, ERM as we understand it today can be traced to the early 1970s, when Gustav Hamilton of Sweden's Statsforetag proposed the 'risk management circle' to describe the interaction of all elements in the risk management process. The following events may be noted thereafter:
• 1974 - Basel Committee on Banking Supervision established
• 1985 - COSO formed an independent commission to undertake a private-sector study of the factors that cause fraudulent financial reporting
• 1988 - Basel Capital Accord set out a new framework for minimum risk-based capital requirements
• 1992 - Following a series of high-profile corporate frauds and accounting scandals, the London Stock Exchange introduced new regulations covering various aspects of corporate governance
• 1995 - Development of national standards on risk management began with the Australian/New Zealand risk management standard; similar standards followed in Canada (Dey Report 1997) and Japan, and in the UK (2000)
• 1996 - NAIC (National Association of Insurance Commissioners, United States) introduced risk-based capital requirements for insurance companies
• 2002 - A string of corporate accounting scandals had profound implications in the US and worldwide and led to the passage of the Sarbanes-Oxley Act
• 2003 - The Casualty Actuarial Society (CAS) defined ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders
• 2004 - COSO Enterprise Risk Management - Integrated Framework
• 2009 - ISO 31000, the International Standard for Risk Management, was published by the International Organization for Standardization (ISO); its companion ISO/IEC 31010 on risk assessment techniques was published jointly with the International Electrotechnical Commission (IEC)
• 2010 - COSO Strengthening Enterprise Risk Management for Strategic Advantage
• 2017 - COSO Enterprise Risk Management—Integrating with Strategy and Performance
Importance of ERM
Organizations that integrate enterprise risk management throughout the entity realize many benefits, including:
• Increasing the range of opportunities: In the ERM process the entity considers all possibilities, both positive and negative. This helps management to identify new opportunities and the unique challenges associated with current opportunities.
• Identifying and managing risk entity-wide: In an organization there are many risks that affect more than one part of the organization. Effective ERM ensures that management identifies and manages these entity-wide risks to sustain and improve performance.
• Increasing positive outcomes and advantage while reducing negative surprises: Changes around an enterprise may be a challenge or an opportunity. Enterprise risk management allows entities to improve their ability to identify risks and establish appropriate responses, reducing surprises and the related costs or losses while profiting from advantageous developments.
• Reducing performance variability: Often a challenge or risk leads to variability in performance rather than to an outright loss. Effective enterprise risk management allows organizations to anticipate the risks that would affect performance and to put in place the actions needed to minimize disruption and maximize opportunity.
• Improving resource deployment: Every risk can be considered a request for resources. Obtaining robust information on risk allows management, in the face of finite resources, to assess overall resource needs, prioritize resource deployment and enhance resource allocation.
• Enhancing enterprise resilience: An entity's medium- and long-term viability depends on its ability to anticipate and respond to change, not only to survive but also to evolve and thrive. This is, in part, enabled by effective enterprise risk management, and it becomes increasingly important as the pace of change accelerates and business complexity increases.
Statutory Requirement for Enterprise Risk Management in India
Even though there is no single statutory Enterprise Risk Management framework in India, the Companies Act 2013 and the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 contain certain requirements that must be complied with in respect of risk management.
The Companies Act, 2013
The Companies Act 1956 did not contain any mandatory provisions relating to risk management, whereas the Companies Act 2013 places specific expectations on important stakeholders in a company, namely the Board of Directors, the Audit Committee and the Independent Directors, in relation to risk management.
As per Section 134(3) of the Companies Act 2013, the Board of Directors' report attached to the financial statements laid before the general meeting must include a statement indicating the development and implementation of a risk management policy for the company, including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company.
As per Schedule IV framed under Section 149(8) of the Companies Act 2013, the Independent Directors of the company must:
(1) Help in bringing an independent judgment to bear on the Board's deliberations, especially on issues of strategy, performance, risk management, resources, key appointments and standards of conduct;
(2) Satisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible.
As per Section 177(4) of the Companies Act 2013, the Audit Committee must act in accordance with the terms of reference specified in writing by the Board, which shall, inter alia, include evaluation of internal financial controls and risk management systems.
Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements)
Regulations, 2015 (LODR) on ERM
The board and audit committee have been vested with specific responsibilities under the SEBI (LODR) Regulations 2015 for assessing the robustness of the risk management policy, processes and systems. Some of the main provisions in this respect are:
As per Regulation 4(2)(f)(ii) of LODR, the key functions of the board of directors include reviewing and guiding corporate strategy, major plans of action and risk policy, and ensuring that appropriate systems of control are in place, in particular systems for risk management, financial and operational control, and compliance with the law and relevant standards.
As per Regulation 4(2)(f)(iii) of LODR, the board of directors shall have the ability to 'step back' to assist executive management by challenging the assumptions underlying strategy, strategic initiatives (such as acquisitions), risk appetite, exposures and the key areas of the listed entity's focus.
As per Regulation 17(9) of LODR, the listed entity shall lay down procedures to inform members of the board about risk assessment and minimization procedures, and the board shall be responsible for framing, implementing and monitoring the risk management plan for the listed entity.
As per Regulation 21 of LODR, as amended, the top 1000 listed entities, determined on the basis of market capitalization as at the end of the immediately preceding financial year, and every 'high value debt listed entity', must have a Risk Management Committee with the following key features:
(1) The board of directors shall constitute a Risk Management Committee.
(2) The Risk Management Committee shall have a minimum of three members, with a majority of them being members of the board of directors, including at least one independent director; in the case of a listed entity having outstanding SR equity shares, at least two-thirds of the Risk Management Committee shall comprise independent directors.
(3) The Chairperson of the Risk Management Committee shall be a member of the board of directors, and senior executives of the listed entity may be members of the committee.
(4) The Risk Management Committee shall meet at least twice a year. The quorum for a meeting shall be either two members or one-third of the members of the committee, whichever is higher, including at least one member of the board of directors in attendance. Meetings shall be conducted in such a manner that, on a continuous basis, not more than one hundred and eighty days elapse between any two consecutive meetings.
(5) The board shall define the role and responsibility of the Risk Management Committee and may delegate the monitoring and reviewing of the risk management plan to the committee, along with such other functions as it may deem fit; such functions shall specifically cover cyber security.
(6) The provisions of this regulation apply to the top 1000 listed entities, determined on the basis of market capitalization as at the end of the immediately preceding financial year, and to high value debt listed entities.
(7) The Risk Management Committee shall have powers to seek information from any
employee, obtain outside legal or other professional advice and secure attendance of
outsiders with relevant expertise, if it considers necessary.
Part C of Schedule II of LODR, framed under Regulation 18(3), which deals with the role of the Audit Committee and the review of information by the Audit Committee, states that the role of the audit committee shall include evaluation of internal financial controls and risk management systems.
Further, w.e.f. 5.5.2021 a new Clause C has been inserted in Part D of Schedule II of LODR, which deals with the role of the Risk Management Committee. The clause is reproduced below:
Risk Management Committee
The role of the committee shall, inter alia, include the following:
(1) To formulate a detailed risk management policy which shall include:
(a) A framework for identification of internal and external risks specifically faced by the
listed entity, in particular including financial, operational, sectoral, sustainability
(particularly, ESG related risks), information, cyber security risks or any other risk as
may be determined by the Committee.
(b) Measures for risk mitigation including systems and processes for internal control of
identified risks.
(c) Business continuity plan.
(2) To ensure that appropriate methodology, processes and systems are in place to monitor and
evaluate risks associated with the business of the Company;
(3) To monitor and oversee implementation of the risk management policy, including evaluating
the adequacy of risk management systems;
(4) To periodically review the risk management policy, at least once in two years, including by
considering the changing industry dynamics and evolving complexity;
(5) To keep the board of directors informed about the nature and content of its discussions,
recommendations and actions to be taken;
(6) The appointment, removal and terms of remuneration of the Chief Risk Officer (if any) shall
be subject to review by the Risk Management Committee.
The Risk Management Committee shall coordinate its activities with other committees, in
instances where there is any overlap with activities of such committees, as per the framework
laid down by the board of directors.
Clause C of Schedule V of LODR, which deals with the disclosure requirements in the Annual Report in respect of the Corporate Governance Report, requires the following disclosures in respect of the Risk Management Committee:
(a) brief description of terms of reference;
(b) composition, name of members and chairperson;
(c) meetings and attendance during the year.
It is pertinent to note that even prior to LODR, Clause 49 of the SEBI Listing Agreement required listed companies to constitute a Risk Management Committee. Board disclosures under Clause 49 required every company to lay down procedures to inform Board members about the risk assessment and minimization procedures. These procedures were to be periodically reviewed to ensure that executive management controls risk by means of a properly defined framework.
Standards on Auditing Pronounced by the Auditing and Assurance Standards Board
(AASB) and Internal Audit Standards Board of ICAI on Enterprise Risk Management
As the Institute of Chartered Accountants of India (ICAI) is the primary body regulating the auditing profession in India, it sets the standards for conducting statutory and other audits. In the case of internal audits too, a member of ICAI conducting an internal audit should follow the Standards on Internal Audit prescribed by it. Even though the MCA also permits certain other professionals to perform the internal audit function, the Standards on Internal Audit set by ICAI are recommendatory for them. Discussed below are the standards set by the two boards that are relevant to ERM.
Standard on Auditing (SA) 315, "Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment", deals with the auditor's responsibility to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity's internal control. It defines the terms business risk, internal control, risk assessment procedures and significant risk as follows:
• Business risk: a risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
• Internal control: the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The term "controls" refers to any aspects of one or more of the components of internal control.
• Risk assessment procedures: the audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels.
• Significant risk: an identified and assessed risk of material misstatement that, in the auditor's judgment, requires special audit consideration.
The standard requires the auditor to perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. These procedures include inquiries of management, of appropriate individuals within the internal audit function and of others within the entity who in the auditor's judgment may have information likely to assist in identifying risks of material misstatement due to fraud or error; analytical procedures; and observation and inspection.
Standard on Auditing (SA) 330, "The Auditor's Responses to Assessed Risks", deals with the auditor's responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with SA 315. It states that the nature, timing and extent of audit procedures are to be based on, and responsive to, the assessed risks of material misstatement at the assertion level. It defines a test of controls as an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level, and a substantive procedure as an audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise tests of details and substantive analytical procedures.
Any risk the auditor judges significant should be tested in the current period. During this process the auditor evaluates whether any misstatements detected by substantive procedures indicate that controls are not operating effectively. If there are deviations, the auditor should understand their potential consequences through specific inquiries and determine:
• whether the tests of controls performed provide an appropriate basis for reliance;
• whether additional tests are necessary; and
• whether the potential risk of misstatement is to be addressed using substantive procedures.
SA 330 (like its international counterpart, ISA 330) requires that the auditor always carry out substantive procedures on material items irrespective of the assessed risks of material misstatement, and that the auditor design and perform substantive procedures for each material class of transactions, account balance and disclosure. The standard indicates that the auditor may perform tests of controls or substantive procedures at an interim date or at the period end, and that, in general, the extent of audit procedures increases as the risk of material misstatement increases. The standard lists the following overall responses that may be used by auditors to address the assessed risks of material misstatement at the financial statement level:
• Emphasizing to the audit team the need to maintain professional scepticism.
• Assigning more experienced staff, those with special skills, or using experts.
• Providing more supervision.
• Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed.
• Making general changes to the nature, timing or extent of audit procedures.
Standard on Internal Audit (SIA) 13, Enterprise Risk Management
The Standards on Internal Audit issued by the Internal Audit Standards Board of the Institute of Chartered Accountants of India apply to all members of the ICAI while performing the internal audit of any entity or body corporate, irrespective of whether the internal audit is conducted by them in the capacity of an employee of the entity or as a representative of an external agency.
SIA 13, Enterprise Risk Management, establishes standards and provides guidance on the review of an entity's risk management system during an internal audit. An internal auditor is expected to provide assurance to management on the effectiveness of risk management. The standard says that the nature of the internal auditor's responsibilities should be adequately documented and approved by those charged with governance, and that the internal auditor should not manage any of the risks on behalf of management or take risk management decisions. The internal auditor should not assume any accountability for risk management decisions taken by management.
It is the responsibility of the internal auditor to review the maturity of the enterprise risk management structure by considering whether the framework so developed, inter alia:
a) protects the enterprise against surprises;
b) stabilizes overall performance with less volatile earnings;
c) operates within the established risk appetite;
d) protects the ability of the enterprise to attend to its core business; and
e) creates a system to proactively manage risks.
The internal auditor should also review whether the enterprise risk management coordinators in the entity report the results of the assessment of key risks at the Risk Management Committee, Enterprise Business and Unit Head, and Audit Committee levels.
The internal audit plan, approved by the audit committee, should be based on risk assessment as well as on issues highlighted by the audit committee and senior management. The risk assessment process should be continuous, so as to identify both existing and emerging risks. The risk assessment should be conducted formally at least annually, and more often in complex enterprises. To serve this objective, the internal auditor should design the audit work plan by aligning it with the objectives and risks of the enterprise and concentrate on those issues where assurance is sought by those charged with governance.
The internal auditor should submit the report to the Board or its relevant Committee, setting out the assurance rating (High, Medium or Low), the tests conducted, the samples covered, and observations and recommendations.
COSO Enterprise Risk Management—Integrating with Strategy and Performance (2017)
COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission. The COSO Board commissioned and published Enterprise Risk Management - Integrated Framework in 2004. To keep pace with increasing complexity and evolving risks it revised the framework in 2017 and renamed it Enterprise Risk Management—Integrating with Strategy and Performance. The Framework highlights the importance of considering risk both in the strategy-setting process and in driving performance.
The document is divided into two parts. The first part offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework itself, is organized into five components encompassing 20 principles that accommodate different viewpoints and operating structures and enhance strategies and decision-making. It provides a framework for boards and management in entities of all sizes, builds on the level of risk management that already exists in the normal course of business, and demonstrates how integrating enterprise risk management practices throughout an entity helps to accelerate growth and enhance performance. Its principles can be applied from strategic decision-making through to performance.
Management holds overall responsibility for managing risk to the entity, but it is important for management to go further: to enhance the conversation with the board and stakeholders about using ERM to gain a competitive advantage. ERM allows management to be more confident that they have examined alternative strategies and considered the input of those in the organization who will implement the strategy selected.
The Framework supplies important considerations for boards in defining and addressing their risk oversight responsibilities. These considerations are the five components: governance and culture; strategy and objective-setting; performance; information, communication and reporting; and review and revision of practices to enhance entity performance. Each component is supported by a set of principles.
The components with their related principles are as follows:
1. Governance and Culture: Governance sets the organization's tone, reinforcing the importance of, and establishing oversight responsibilities for, enterprise risk management. Culture pertains to ethical values, desired behaviors and the understanding of risk in the entity. The related principles are:
• Exercises Board Risk Oversight
• Establishes Operating Structures
• Defines Desired Culture
• Demonstrates Commitment to Core Values
• Attracts, Develops, and Retains Capable Individuals
2. Strategy and Objective-Setting: Enterprise risk management, strategy, and objective-setting work together in the strategic-planning process. A risk appetite is established and aligned with strategy; business objectives put strategy into practice while serving as a basis for identifying, assessing, and responding to risk. The related principles are:
• Analyzes Business Context
• Defines Risk Appetite
• Evaluates Alternative Strategies
• Formulates Business Objectives
3. Performance: Risks that may impact the achievement of strategy and business objectives need to be identified and assessed. Risks are prioritized by severity in the context of risk appetite. The organization then selects risk responses and takes a portfolio view of the amount of risk it has assumed. The results of this process are reported to key risk stakeholders. The related principles are:
• Identifies Risk
• Assesses Severity of Risk
• Prioritizes Risks
• Implements Risk Responses
• Develops Portfolio View
4. Review and Revision: By reviewing entity performance, an organization can consider how well the enterprise risk management components are functioning over time and in light of substantial changes, and what revisions are needed. The related principles are:
• Assesses Substantial Change
• Reviews Risk and Performance
• Pursues Improvement in Enterprise Risk Management
5. Information, Communication, and Reporting: Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization. The related principles are:
• Leverages Information and Technology
• Communicates Risk Information
• Reports on Risk, Culture, and Performance
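The following Python risk register is an added worked example; it is not from the article, from COSO or from ICAI. It ties the definition of risk given earlier in this article (probability of occurrence multiplied by financial impact) to the Performance component above: each risk is scored before and after its chosen response, the register is prioritized by residual severity, and a portfolio view compares the aggregate exposure with a stated risk appetite. The risk names, probabilities, impact amounts and the appetite figure are constructed for illustration only.

```python
"""Added example (not from the article): a minimal quantitative risk register.
Risk names, probabilities, impact figures and the appetite below are
constructed for illustration only."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float                    # likelihood of the event within one year, 0..1
    impact: float                         # financial impact if the event occurs (INR)
    response: str = "accept"              # accept / reduce / transfer / avoid
    residual_probability: Optional[float] = None  # after the response; None = unchanged
    residual_impact: Optional[float] = None       # after the response; None = unchanged

    def __post_init__(self) -> None:
        # Reject probabilities outside [0, 1]; a register entry like 120% is a data error.
        for p in (self.probability, self.residual_probability):
            if p is not None and not 0.0 <= p <= 1.0:
                raise ValueError(f"{self.name}: probability {p} must be in [0, 1]")


def inherent_loss(risk: Risk) -> float:
    """Expected annual loss before any response: probability x financial impact."""
    return risk.probability * risk.impact


def residual_loss(risk: Risk) -> float:
    """Expected annual loss after the chosen response is applied."""
    p = risk.probability if risk.residual_probability is None else risk.residual_probability
    i = risk.impact if risk.residual_impact is None else risk.residual_impact
    return p * i


def prioritize(register: List[Risk]) -> List[Risk]:
    """Order risks by residual severity (highest first); inherent loss breaks ties."""
    return sorted(register, key=lambda r: (residual_loss(r), inherent_loss(r)), reverse=True)


def portfolio_view(register: List[Risk], appetite: float) -> Dict[str, object]:
    """Aggregate residual exposure and compare it with the risk appetite.

    `appetite` is the maximum total expected annual loss the board is willing to
    carry. A single risk whose residual loss alone exceeds the appetite is listed
    as an individual breach; the portfolio can also exceed the appetite with no
    individual breach, which is why the aggregate is checked separately.
    """
    total_residual = sum(residual_loss(r) for r in register)
    total_inherent = sum(inherent_loss(r) for r in register)
    breaches = [r.name for r in register if residual_loss(r) > appetite]
    return {
        "total_inherent": total_inherent,
        "total_residual": total_residual,
        "appetite": appetite,
        "within_appetite": total_residual <= appetite,
        "headroom": appetite - total_residual,
        "individual_breaches": breaches,
    }


# Constructed register (all figures invented for illustration).
REGISTER: List[Risk] = [
    Risk("Ransomware outage", 0.20, 50_000_000, "reduce",
         residual_probability=0.05, residual_impact=30_000_000),
    Risk("Key supplier default", 0.10, 20_000_000, "transfer",
         residual_impact=5_000_000),
    Risk("Late statutory filing penalty", 0.30, 2_000_000, "accept"),
    Risk("Data centre flood", 0.02, 100_000_000, "reduce",
         residual_probability=0.01),
]
RISK_APPETITE = 3_000_000  # constructed: maximum total expected annual loss (INR)


if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.name:32s} inherent={inherent_loss(r):>14,.0f} "
              f"residual={residual_loss(r):>14,.0f} response={r.response}")
    view = portfolio_view(REGISTER, RISK_APPETITE)
    print(f"portfolio residual={view['total_residual']:,.0f} "
          f"appetite={view['appetite']:,.0f} within={view['within_appetite']}")
```

Run stand-alone, the script prints the register in priority order. Two points the prose alone does not show: ranking by residual expected loss puts the ransomware scenario ahead of the flood even though the flood has the larger impact, and the portfolio exceeds the appetite although no single risk does, which is exactly the situation the portfolio view is meant to surface.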
Standards set by the International Organization for Standardization (ISO)
ISO, an independent, non-governmental organization with a membership of 162 national standards bodies, has developed over 22,000 voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges. These Standards are internationally accepted and agreed upon by experts in the relevant functional and technical fields, and are adopted by business leaders and practitioners globally to achieve the objectives for which they are developed and published. Discussed below is its standard dealing with risk management in any enterprise.
ISO 31000: Risk Management
ISO 31000:2018 is a revised version of the earlier 2009 standard on the same subject. ISO 31000 is applicable to all organizations, regardless of type, size, activities and location, and covers all types of risk. It was developed by a range of stakeholders and is intended for use by anyone who manages risks, not just professional risk managers. ISO 31000 provides direction on how companies can integrate risk-based decision making into the organization's governance, planning, management, reporting, policies, values and culture. It provides guidelines rather than requirements, so an organization cannot be certified against it. The guidelines can be adapted and customized to any organization and its context, as required, to suit the factors and circumstances prevailing in that business or organization.
ISO 31000 helps organizations develop a risk management strategy to effectively identify and mitigate risks, thereby enhancing the likelihood of achieving their objectives and increasing the protection of their assets. Implementing ISO 31000 also helps organizations see both the positive opportunities and the negative consequences associated with risk, and allows for more informed, and thus more effective, decision making, notably in the allocation of resources.
The principles are the foundation for managing risk and should be considered when establishing the organization's risk management framework and processes. They describe the characteristics of effective and efficient risk management, communicate its value and explain its intention and purpose as proposed by ISO 31000.
ISO 31000 requires entities to develop a risk management framework encompassing the following elements: integrating, designing, implementing, evaluating and improving risk management across the organization.
Integrating: Even though top management is accountable for managing risk and oversight bodies are accountable for overseeing risk management, they should ensure that risk management is integrated into all organizational activities. Integrating risk management relies on an understanding of organizational structures and context; it is a dynamic and iterative process and should be customized to the organization's needs and culture. Risk management should be a part of, and not separate from, the organizational purpose, governance, leadership and commitment, strategy, objectives and operations.
Designing: When designing the framework for managing risk, the organization should examine
and understand its external and internal context. Top management and oversight bodies, where
applicable, should demonstrate and articulate their continual commitment to risk management
through a policy, a statement or other forms that clearly convey an organization’s objectives and
commitment to risk management. The risk management commitment should be communicated
within an organization and to stakeholders. Top management should ensure that the authorities,
responsibilities and accountabilities for relevant roles with respect to risk management are
assigned and communicated at all levels of the organization. They should ensure allocation of
appropriate resources for risk management and consider the capabilities of, and constraints on,
existing resources.
The organization should establish an approved approach to communication and consultation in
order to support the framework and facilitate the effective application of risk
management. Communication and consultation should be timely and ensure that relevant
information is collected, collated, synthesized and shared, as appropriate, and that feedback is
provided and improvements are made.
Implementation: The organization should implement the risk management framework by:
developing an appropriate plan including time and resources;
identifying where, when and how different types of decisions are made across the
organization, and by whom;
modifying the applicable decision-making processes where necessary;
ensuring that the organization’s arrangements for managing risk are clearly understood
and practiced.
Evaluation: In order to evaluate the effectiveness of the risk management framework, the
organization should:
periodically measure risk management framework performance against its purpose,
implementation plans, indicators and expected behavior;
determine whether it remains suitable to support achieving the objectives of the
organization.
Improvement: The organization should continually monitor and adapt the risk management
framework to address external and internal changes by improving its value. The organization
should continually improve the suitability, adequacy and effectiveness of the risk management
framework and the way the risk management process is integrated. Once implemented, these
improvements should contribute to the enhancement of risk management.
The Process of ERM: The risk management process involves the systematic application of
policies, procedures and practices to the activities of communicating and consulting, establishing
the context and assessing, treating, monitoring, reviewing, recording and reporting risk. This
process is illustrated as:
IEC/ISO 31010, Risk management — Risk assessment techniques:
It features a range of techniques to identify and understand risk. It has been updated to expand its
range of applications and to add more detail than before. It complements ISO 31000, Risk
management.
IEC 31010 describes the process to be followed when assessing risk, from defining the scope to
delivering a report. It introduces a wide range of techniques for identifying and understanding
risk in a business or technical context.