240 likes | 670 Views
1. pwc. Board responsibility for internal control and risk management. by Kiattisak Jelatianranat Chairman, The Institute of Internal Auditors of Thailand Director, PricewaterhouseCoopers. 2nd Asian Roundtable on Corporate Governance. Kiattisak Jelatianranat. 31 May 2000. 2. pwc.
E N D
1 pwc Board responsibility for internal control and risk management by Kiattisak Jelatianranat Chairman, The Institute of Internal Auditors of Thailand Director, PricewaterhouseCoopers 2nd Asian Roundtable on Corporate Governance Kiattisak Jelatianranat 31 May 2000
2 pwc Responsibility VS Accountability • Responsibility What, and Who will do ? • Accountability How, and For whom ? • ………. Both need independence and objectivity Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
3 pwc Balanced Scorecard in Corporate Governance • Financial & non-financial information. • Equitable Treatment of stakeholders. • Combination of Lagging and Leading Information. • Alignment of short-term objectives Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
4 pwc Board “core” responsibilities………. Balanced Responsibility …… legal & moral • Create strategic vision • Select CEO & Senior management • Establish strategic, accountable information • Independent, objective and competent oversight of day-to-day operations Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
5 pwc x Board initiative & Ownership of : • Corporate governance framework • Risk management system • Internal control system • Auditing Board Effectiveness x Selection of CEO & senior management x Oversight of CEO & senior management to establish • Accounting system • MIS • Compliance program • Operating systems Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
Sustainable Growth Pleasant Working Environment Form Substance Spirit 6 pwc Why corporate governance matters ? • Effective governance, and • Proper communication with your stakeholders Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
7 pwc Value Chain VS Risk Searching for the upside of risk management Preservation Prevention Enhancement Opportunity base-line Uncertainty Harzard Risk is any issue which could impact your ability to meet your objectives Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
8 pwc • Risk Assessment • - Identify • - Measure • - Prioritize • Risk Management • - Assess adequacy of existing controls • - Develop a control improvement plan • - Create a continuous program for objectives, risk and control • assessment Risk ……….. Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
9 pwc Fix Controls Risk Management Action Options Re-Engineer Process Trainings Options Transfer Risk (Insurance) Outsource the Function Do nothing-Bet Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
10 pwc Key attributes of a well-controlled organization include : # 1. Leadership of Board # 2. Translation of strategic vision to day-to-day management # 3. Communication of objectives & values to all levels # 4. Individual accountability # 5. Risk management system # 6. Human resources reinforcement # 7. Independent, objective and competent oversight Well-controlled Organizations Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
11 pwc • Define strategic risk • Articulate risk philosophy • Define values and behavioral expectations Risk & Control : The twin systems Objective • Assess risk • Manage risk Risk Communications & Audit • Assess existing controls • Select control model • Continuous communication Control • Continuous program for ORC • Develop a control improvement plan Alignment … Operations are dynamic and evolving... Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
12 pwc Complexity of Value chain…….. • A board must have the capability to respond to and manage changes. • “Risk Management” and “Business Control” are the first thing for any board consideration. Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
13 pwc • Focus on “Soft Control” in assessing all of COSO’s • “Five Components” and “Three Objectives”. • Soft Controls are subjective in nature, thus self-assessment is • crucial for success. • Implementation as an integral cultural change. • Internal Control training is a “must”. • Tailor practices to an organization to assure the surpassing • expected benefits from the implementation. Internal Control Learned in Real World Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
14 pwc COSO’s Internal Control Definition • is a process, effected by an entity’s people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories : • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
15 pwc Control Reality • Focus on people and process, not merely policy manuals • and forms • Require dynamic and interactive evaluation techniques. • Verifying compliance with policies and procedures is • not sufficient Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
16 pwc • Control Environment : The Foundation on which everything rests. • Risk Assessment : Aware of and deal with the risks it faces. • Control Activities : Actions identified by management as necessary to address risks to achievement of objectives. • Information & Communication : People to capture and exchange the information needed to conduct, manage and control operations. • Monitoring : React dynamically, changing as condition warrant. Five Components of COSO’s Control Framework 31 May 2000 2nd Asian Roundtable on Corporate Governance Kiattisak Jelatianranat
17 pwc From Backroom To Board Room Organizations in the 21st Century must move internal control issues from their “Backroom” (Operating Level) to “Board Room” (the strategic level) Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
18 pwc Internal Audit Paradigm Shift Today internal auditors are management partners and consultants to add values to the organization. ………. No longer as a watch dog or a policeman Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
19 pwc Internal Auditing Definition 1999 Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Traditional Definition : Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost. Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance
20 pwc There is no alternative Toward the new millennium environment : Board of Directors and senior management have no alternative not to be the leadership and ownership of systems of risk management and internal control Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance