board responsibility for internal control and risk management by kiattisak jelatianranat chairman,...
TRANSCRIPT
Board responsibility for internal control and risk management
by
Kiattisak Jelatianranat
Chairman, The Institute of Internal Auditors of Thailand
Director, PricewaterhouseCoopers
Kiattisak Jelatianranat
3 1 May2000
1
pwc
2nd Asian Roundtable on Co rporate Governance
Responsibility VS Accountability
• Responsibility What, and Who will do ?
• Accountability How, and F or whom ?
……… . Both need independence an d objectivity Kiattisak Jelatianr
anat
pwc 2
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Balanced Scorecard in Corporate Governance
pwc
• - Financial & non financial information.
• Equitable Treatment of stakeholders.
• Combination of Lagging and Lead ing Information.
• - Alignment of short term objectives
Kiattisak Jelatianranat
3
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Balanced Responsibility …… legal & moral
pwc
• Create strategic vision
• Select CEO & Senior management
• Establish strategic, accountable information
• Independent, objective and comp - - etent oversight of day to day
operations
Board “core” responsibilities……….
Kiattisak Jelatianranat
4
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Board Effectiveness
pwc
• Corporate governance framework
• Risk management system
• Internal control system
• Auditing
Board initiative & Ownership of :
Selection of CEO & senior management
Oversight of CEO & senior management to establish• Accounting system
• MIS
• Compliance program
• Operating systems
Kiattisak Jelatianranat
5
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Why corporate governance matters ?
pwc
• Effective governance, and
• Proper communication with your stakeholders
Sustainable Growth
Pleasant Working Environ
ment
Substance
Form
Spirit
Kiattisak Jelatianranat
6
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Searching for the upside of risk management
pwc
Value Chain VS Risk
Opportunity
Uncertainty
Harzard
Risk is any issue which could impact your ability to meet your objectives
base-line
EnhancementPreservationPrevention
Kiattisak Jelatianranat
7
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Risk ………..
pwc
• Risk Assessment
- Identify
- Measure
- Prioritize
• Risk Management
- Assess adequacy of existing controls
- Develop a control improvement plan
- Create a continuous program for objectives, risk and control
assessment
Kiattisak Jelatianranat
8
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Risk Management Action Options
pwc
Kiattisak Jelatianranat
9
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
OptionsOptions
Fix Controls
- Re EngineerProcessTrainings
Transfer Risk(Insurance) Outsource th
e Function -Do nothing Bet
Well-controlled Organizations
pwc
Key attributes of a well-controlled organization include :
# 1. Leadership of Board
# 2. Translation of strategic vision to day-to-day management
# 3. Communication of objectives & values to all levels
# 4. Individual accountability
# 5. Risk management system
# 6. Human resources reinforcement
# 7. Independent, objective and competent oversight
Kiattisak Jelatianranat
10
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Risk & Control : The twin systems
pwc
• Define strategic risk
• Articulate risk philosophy
• Define values and behavioral expectations
• Assess risk
• Manage risk
• Assess existing controls
• Select control model
• Continuous communication
• Continuous program for ORC
• Develop a control improvement plan
… Operations are dynamic and evolving...
Communications&
Audit
Alignment
Control
Risk
Objective
Kiattisak Jelatianranat
11
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Complexity of Value chain……..
pwc
• A board must have the capability to respond to and manage changes.
• “Risk Management” and “Business Control” are the first thing for any board consideration.
Kiattisak Jelatianranat
12
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Internal Control Learned in Real World
pwc
• Focus on “Soft Control” in assessing all of COSO’s
“Five Components” and “Three Objectives”.
• Soft Controls are subjective in nature, thus self-assessment is
crucial for success.
• Implementation as an integral cultural change.
• Internal Control training is a “must”.
• Tailor practices to an organization to assure the surpassing
expected benefits from the implementation.
Kiattisak Jelatianranat
13
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
COSO’s Internal Control Definition
pwc
is a process, effected by an entity’s people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories :
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
Kiattisak Jelatianranat
14
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Control Reality
pwc
• Focus on people and process, not merely policy manuals
and forms
• Require dynamic and interactive evaluation techniques.
• Verifying compliance with policies and procedures is
not sufficient
Kiattisak Jelatianranat
15
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Five Components of COSO’s Control Framework
pwc
Kiattisak Jelatianranat
• Control Environment : The Foundation on which everything rests.
• Risk Assessment : Aware of and deal with the risks it faces.
• Control Activities : Actions identified by management as necessary to address risks to
achievement of objectives.
• Information & Communication: People to capture and exchange the information needed to conduct, manage
and control operations.
• Monitoring : React dynamically, changing as condition warrant.
16
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
From Backroom To Board Room
pwc
Kiattisak Jelatianranat
Organizations in the 21st Century must move internal control
issues from their “Backroom” (Operating Level) to “Board
Room” (the strategic level)
17
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Internal Audit Paradigm Shift
pwc
Kiattisak Jelatianranat
Today internal auditors are management partners and consultants to add values to the organization.
………. No longer as a watch dog or a policeman
18
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
Internal Auditing Definition
pwc
Kiattisak Jelatianranat
1999 Definition :1999 Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Traditional Definition :Traditional Definition :
Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the
organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.
19
3 1 May2000
2nd Asian Roundtable on Co rporate Governance
There is no alternative
pwc
Kiattisak Jelatianranat
Toward the new millennium environment :
Board of Directors and senior management have no
alternative not to be the leadership and ownership of systems
of risk management and internal control
20
3 1 May2000
2nd Asian Roundtable on Co rporate Governance