Introduction to Risk and Control


1 Introduction to Risk and Control


LEARNING OUTCOMES

After completing this chapter in the CIMA Learning System you should be able to:

- understand the inter-relationship between the elements of the Risk and Control Strategy syllabus;
- have a broad appreciation of control, governance and risk management;
- appreciate the contribution of audit to risk management and control;
- understand how information systems, fraud, and interest and foreign exchange risk are particular examples of control, governance and risk management that are emphasised in the Risk and Control Strategy syllabus.

1.1 Introduction

The main purpose of this chapter is to help candidates see Risk and Control as an integrated subject. The syllabus has five separate elements, each with its own learning outcomes and syllabus content. The key to learning this module is to understand how risk and control are related and how the various elements inter-relate.

The Module map below demonstrates how risk management, informed by management control theory, is carried out in organisations to control the differing categories of risk. Internal controls, accounting controls and IT system controls are discussed and their related audit systems are explored relative to meeting organisational objectives through the process of corporate governance regulation that guides senior management behaviour. Interest rates, derivatives and foreign exchange risks are presented with a view to exploring a range of external controls available to organisations.

1.2 The emergence of risk, governance and control

Risk management has evolved from three separate functional areas: occupational health and safety; insurance; and hedging of financial risks (foreign exchange and interest rates).

Exam Practice Kit: Performance Strategy

[Figure: P3 Module Map]

The CIMA Learning System deals with the impact of these developments and discusses the following areas:

- ISO9000
- Basel Committee on Banking Supervision (1994)
- Value-at-Risk was developed in 1993

The CIMA Learning System deals with:

- UK Combined Code on Corporate Governance (Financial Reporting Council, 2003)
- US: the Treadway Commission produced Internal Control Integrated Framework (COSO, 1992)
- US Sarbanes-Oxley Act (SOX) in

1.3 Corporate governance?

The CIMA Learning System discusses the CIMA produced a model of enterprise governance (Chartered Institute of Management Accountants and International Federation of Accountants, 2004) that emphasises the importance of the two dimensions of conformance and performance. Conformance is about satisfying good governance, whilst performance focusses on strategy to improve shareholder value.

1.4 Risk management?

Risk management is the process of understanding and managing risks that the organisation faces in attempting to achieve its objectives. This is a central topic for this module and requires detailed study. The authors of the CIMA Learning System stress that, while there are different models for risk management (discussed in detail in Chapter 5 of the CIMA Learning System), the following seven-step process contains the essential ingredients:

1 Identify the risk
2 Assess the risk impact
3 Risk mapping
4 Record risks in a risk register
5 Risk evaluation
6 Risk treatment
7 Risk reporting.

1.5 Internal control?

Internal control is the whole system of financial and other controls established to provide reasonable assurance of effective and efficient operation; internal financial control and compliance with regulation. The authors of the CIMA Learning System emphasise that an internal control system comprises five elements:

1 A control environment
2 Risk assessment
3 Control activities
4 Monitoring information and
5 Communication.

1.6 Audit?

The audit committee is a committee of the board of directors, the primary function of which is to review the system of internal control, the external audit process, the work of internal audit and the financial information provided to shareholders. The role of audit is covered in Chapter 7 whilst the audit committee is covered in Chapter 4. The CIMA Learning System deals with the Internal Audit (as different from external audit) and the relationship with internal controls and risk management.

1.7 A model of governance, risk and control

The authors of the CIMA Learning System stress the importance of your understanding the links between governance, risk management and internal control and the interaction between the board of directors, the audit committee, external and internal auditors, as this is the foundation of the Risk and Control Strategy syllabus.

1.8 Fraud, information systems and financial risk

The CIMA Learning System integrates the three specific risks: fraud (Chapter 10); information systems (Chapters 8 and 9) and financial derivatives (interest and exchange rate risks, covered in Chapters 11-14) into the core focus of risk management in the Risk and Control Strategy syllabus. Information systems risk comprises 20% of the syllabus and financial risk 30%, stressing the importance of these sections.
