Corporate Services
Risk Management and Internal Control
In an increasingly competitive and global environment, managing business and fraud risk better than your competitors will be a source of sustainable competitive advantage.
Risk management
Risk management is a systematic, ongoing process for identifying, assessing and prioritizing major sources of risk. Risks that impact the strategic direction of the entity as a whole are given the highest priority.
The main advantages of risk management are as follows:
- Avoid surprises and unnecessary costs
- Assign responsibility for key risks to individual managers
- Identify potential exposure to fraud and management override
- Better information for decision making
- A grid for resource allocation and evaluating new opportunities
- A solid foundation for designing/evaluating internal controls and procedures
- Streamlined reporting to the Board of Directors
- Roadmap for internal audit to focus their work on key risk areas
FocusROI can provide assistance to entities as follows:
- Provide briefing sessions for key stakeholders on what risk management involves.
- Facilitate meetings of senior managers to decide on the scope/objectives of a risk management project.
- Provide project management.
- Provide assistance in developing an entity-wide risk tolerance policy.
- Work with managers across the entity to identify major strategic risks.
- Rank the identified risks in terms of likelihood, impact and overall importance to the entity.
- Provide a framework for assigning responsibility for risks and developing appropriate mitigating strategies.
- Develop and document mitigation strategies and establish suitable reporting mechanisms.
Internal Control

Internal control should always exist as a response to risk. Internal control that does not mitigate a risk is simply bureaucracy. Yet many entities have internal controls that may have been needed once but have become redundant due to changes in operations over time. Such controls need to be identified, and the control and its associated costs eliminated.
Since the failures of Enron and WorldCom there has been a renewed emphasis on the need for effective internal control. Entity-level controls in particular have received a lot of attention, with many commentators now saying that the "tone at the top" is by far the most important internal control.
Public companies are now required to certify in quarterly and annual reports that no material weaknesses exist in their internal controls. In the United States, auditors are required to provide an opinion on these management assertions. This process proved very costly due to the methodology used. Costs have now been contained due to an approach called "top down and risk based". This top-down approach focuses first on risk identification and assessment. Risks that would not result in a material misstatement in the financial statements can then be scoped out of the review altogether. Consequently, only those controls that mitigate significant risks need to be evaluated.
FocusROI recommends an eight-step process (see below) for the cost-effective evaluation of internal control. This process can often be done using internal resources plus some FocusROI assistance.
