In the wake of high-profile corporate scandals and the regulatory legislation that followed, reporting on internal controls has become a requirement. These requirements have led organizations to view risk management as an area of vital importance. Best-practice organizations have for years looked to the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control Integrated Framework as the standard for building a solid system of internal controls (Managing Risk, 2003). Formed in 1985, COSO is a voluntary and independent private-sector organization that sponsored the National Commission on Financial Reporting. The National Commission was made up of various industry representatives who studied the underlying causes that lead to fraudulent financial reporting. The committee developed recommendations for public companies, independent auditors, regulators, and educational organizations, designed to improve "the quality of financial reporting through business ethics, effective internal controls, and corporate governance" (COSO, n.d., 1). Recognizing the need for organizations to evaluate their risk management efforts, COSO developed a framework for Enterprise Risk Management (ERM) that Morrison Management Specialists and other companies can use to establish strong internal controls.
Enterprise Risk Management
ERM is a controlled approach that helps management identify and manage uncertainties and reach defined risk objectives. COSO's ERM framework concentrates on developing a strategy that instills a risk and internal control "consciousness" throughout an organization. COSO's framework introduces eight key principles for ERM: "internal environment; objective setting; event identification; risk assessment; risk response; control activities; information and communication; and monitoring" (Managing Risk, 2003, p. 2). COSO's framework also defines four objective categories: strategy, operations, financial reporting, and compliance. COSO intended this framework to be an effective tool for keeping stakeholders and board directors informed about organizational procedures and processes. The framework can also help an organization respond to uncertainties and help directors measure how well their organization is managing its own risks.
The most crucial aspect of ERM is the establishment of effective internal controls with respect to organizational risk. COSO's objective for internal controls is to establish a set of conditions within an organization that minimizes the potential risk of misuse, loss, waste, or fraud in financial reporting.
In 2002, Congress passed the Sarbanes-Oxley Act (SOX) to strengthen corporate governance and restore investor confidence. The act’s most important provision, §404, requires management and independent auditors to evaluate annually a firm’s internal financial-reporting controls. In addition, SOX tightens disclosure rules, requires management to certify the firm’s periodic reports, strengthens boards’ independence and financial-literacy requirements, and raises auditor-independence standards.
According to PCAOB Auditing Standard 5, paragraph 2, "effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered
All organizations and industries are exposed to risk from both internal and external events. Because outcomes are uncertain, organizations can experience either negative or positive effects. In general, ISO 31000 defines risk as the "effect of uncertainty on objectives" (Elliott, 2012, p. 1.4). Consequently, applying risk management practices helps minimize the effects of uncertainty on an organization; this is accomplished by coordinating an organization's activities, establishing controls, and creating policies with regard to risk. The most evident category of risk is hazard risk, which encompasses risk from accidental loss. In addition, operational risk stems from controls,
Throughout the past several years, major corporate scandals have rocked the economy and hurt investor confidence. The largest bankruptcies in history have resulted from greedy executives who "cook the books" to produce the numbers they want. These scandals typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of assets, or underreporting liabilities, sometimes with the cooperation of officials in other corporations (Medura 1-3). In response to the increasing number of scandals, the US government amended the Sarbanes-Oxley Act of 2002 to mitigate these problems. Sarbanes-Oxley has extensive regulations that hold the CEO and top executives responsible for the numbers they report, but problems still occur. To ensure that proper accounting standards have been used, Sarbanes-Oxley also requires that public companies be audited by accounting firms (Livingstone). The problem is that the accounting firms are also public companies that have to look after their own bottom line while remaining objective toward the corporations they audit. When an accounting firm is hired, the company that hired it holds the power in the relationship. When the company has the power, it can bully the firm into doing what it is told. The accounting firm then loses its objectivity and independence, making its work ineffective and defeating the goal of honest accounting (Gerard). There have been 379 convictions for fraud to date, with 3 to 6 new cases opening per month. The problem has clearly not been solved (Ulinski).
The report on internal controls, according to ExxonMobil's CEO, Treasurer, and Controller, states that they are solely "responsible for establishing and maintaining adequate internal control over (ExxonMobil's) financial reporting." They evaluated the effectiveness of internal controls over financial reporting based on COSO's framework and concluded that the controls were effective (MD&A, F-22). The report on internal controls acknowledged us—ExxonMobil's independent public accounting firm, PricewaterhouseCoopers LLP (PwC)—stating that the Corporation maintained effective internal control over financial reporting for 2009 and 2010, and that it is management's responsibility to maintain that control and assess its effectiveness. We, PwC, are responsible only for expressing an opinion on internal controls, and our 2009 opinion was unqualified (MD&A, F-22).
Rather, it is centered on understanding the key risks an organization faces and then taking risks at the right time, after applying the most suitable safeguards (Valderrey, 2016). Even in the best of times, if you are to manage risk successfully, you must make extremely difficult judgment calls involving data and metrics, have a clear sense of how all the moving parts interact, and communicate that well. In the worst of times, risk management can break down. Historical models can fail, liquidity can dry up, and correlations can become stronger all of a
To manage risk successfully, an ERM initiative at Whitestone must be enterprise-wide and viewed as an important strategic effort. Although several executives have significant responsibilities for ERM, including the CEO, CRO, CFO, and chief audit executive, the ERM process works best when all key managers of the organization contribute. The COSO framework states that managers of the organization "support the entity's risk management philosophy, promote compliance with its risk appetite and manage risks within their spheres of responsibility consistent with risk tolerances." Therefore, identifying leaders throughout Whitestone and gaining their support is critical to successful ERM implementation. A goal of ERM is to incorporate risk management into the organization's agenda and decision-making processes. This means that, ultimately, every manager is responsible, which can only happen when performance goals are clearly articulated and the appropriate individuals are held accountable for
The objectives of operations, reporting, and compliance are represented in the columns. The ERM components are represented by the rows. The third dimension is the entity's organizational structure. It demonstrates clearly how to counteract low risk tolerance and high risk appetite. Risk reduction is obtained by facilitating effective internal control with a broad scope that reflects the changes ERM brings to the risk management framework. The framework requires adaptability, which enables flexibility, because the functions of identifying, assessing, and responding to risks overlap across operations, reporting, and compliance. Control activities, information, and communication should be monitored, evaluated, and identified for response as part of ERM for effective and efficient risk management. The concepts of risk appetite and risk tolerance are introduced because potential events affecting the achievement of objectives can be identified and managed. The process also requires communication and consultation before, and monitoring and review after, every decision or action (McNally, 2015). The financial principles of risk management are that effective risk management creates value, is integrated, supports decision making, addresses uncertainty, is systematically structured, and facilitates continuous improvement. These financial principles form the basis of effective and efficient management within a firm. Financial principles help ERM with risk
The risk management process needs to be flexible. Given that we operate in a challenging environment, companies need both a clear approach to managing risk and continuous improvement in identifying new risks as they evolve, while making allowances for risks that no longer exist.
The report highlights the essential aspects of the control process, in terms of concurrent feedback as well as feedforward, that companies can implement to achieve better outcomes in business efficiency. Consequently, the report underlines and emphasizes the many factors contributing to these controls. The authors have contrasting views on the control models of an organization; they believe that in order to create an effective control process, an organization first needs to determine its strategic plans, for instance what it is and where it is going.
Aligning and integrating different views of risk management: ERM can provide a common framework for managing different kinds of risk. It can give WP management and the board a clear view of risk management. The more clearly management understands its risks, the more stable WP can be.
Over the past decade, risk and uncertainty have increasingly become major issues affecting business activities. Many organizations are raising awareness in order to minimize adverse consequences by implementing a Risk Management Framework, which plays a significant role in mitigating almost all categories of risk. According to Ward (2005), the objective of risk management is to enhance a company's performance. In particular, the importance of the framework lies in assisting top management in developing a sensible risk management strategy and program.
Ultimately, a strong ERM program will allow the organization to manage risk successfully by instilling an ongoing process. The importance of enterprise risk management lies in ensuring that risk is not managed within individual departments in isolation, but rather through a holistic approach. According to Fraser & Simkins, in the text Enterprise Risk Management, the common result of a stove-pipe approach to risk management is that risks are often managed inconsistently: these risks may be effectively managed to acceptable levels within an individual business unit, but the risk treatments, or lack thereof, selected by that manager may unknowingly create or add to risks for other units within the organization.
Risk management is a process used in all industries to reduce risk. The tools used for risk management vary from sector to sector, and hence each sector has developed its own risk management tools and methodologies to mitigate risk. But the concept behind all the tools remains the same (Ropel, 2011). The main steps of risk management, irrespective of the sector, are:
The purpose of risk management is to protect an organization's valuable assets: information, hardware, and software. The purpose of the risk management process is to identify and manage risks in such a way that a company is able to meet its strategic and financial targets. Risk management is a continuous process in which the major risks are identified, listed, and assessed, the key persons in charge of risk management are appointed, and risks are prioritized according to an assessment scale in order to compare the effects and relative significance of the risks. It is very important that organizations and businesses be well prepared to see what kinds of risk they are facing, or the business can suffer in the event of a major disaster.