linking strategic objectives to risk management and ... · linking strategic objectives to risk...
TRANSCRIPT
Linking Strategic Objectives to Risk Management and Internal Controls
23 April 2015
Role of Internal Auditors
By
TAY WOON TECK 8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
3
The Shifting Focus of Internal Audit
Controls Assurance on Key Accounting Process
Focus on adequacy of internal accounting controls
Narrow focus on finance department As a guardian Of
internal controls
Accounting compliance and control focus
Controls Assurance on Key Business Process
Focus on adequacy of controls on key business processes that
will have a significant risk of financial losses or financial
impairment.
Broader focus on control activities outside finance. Silo
approach to examine each business process using agreed
upon procedures.
Business process compliance and control focus
Risk Centric Approach towards ERM and
Controls Activities at Entity-Wide Level
Holistic approach to integrate corporate governance, risk
management, business controls, financial controls and
compliance controls
Linking corporate objectives to risk management to control
activities
Organisation-wide risk centric focus
The Theory – Strategy and COSO ERM (2004)
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
5
Linking Enterprise Risk Management to COSO
by COSO I ( COSO - Report )
by COSO II ( ERM - Framework )
Ü
ä ten ä t 1
ä t 2 ä ten
Risikosteuerung
Ereignisidentifikation ä
ä
Ü
Internal Control System (ICS)
( - )
Risk Management System
( - )
Control environment
Information & Communication
Control Activities
Risk Assessment
Monitoring Unit B
Activity 1
Activity 2
Unit A
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring
Entity-Level
Internal Environment
Division
Business U
nit
Subsidiary
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
6 EN
TITY - LEVEL
Information & Communication
Control Activities
Monitoring
Risk Response
Risk Assessment
Event Identification
Objective Setting
Internal Environment
Division
Business U
nit
Subsidiary Entity - Level
Event Identification – Opportunities and Risks
Objective Setting
Event Identification
Opportunities Risks
Risk Assessment Risk Response …
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
7
How Should Board Work with Management on Risk Governance?
• The Board develops and communicates clearly its understanding of its risk appetite, both to determine which objectives to pursue and to manage those objectives within the organisation’s appetite for risk.
• Risk appetite is the amount of risk, on a broad level, an organisation is willing to accept in pursuit of value. Each organisation pursues various objectives to add value and should broadly understand the risk it is willing to undertake in doing so.
Source: www.coso.org
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
8
What the Board Should Consider in Setting Risk Appetite?
Source: www.coso.org
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
9
The Board should Link Risk Appetite to Strategic Objectives
Source: www.coso.org
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
10
Examples of Risk Appetite and Risk Tolerance Statements
Risk Appetite Risk Tolerance The organisation has a higher risk appetite related to strategic objectives and is willing to accept higher losses in the pursuit of higher returns.
While we expect a return of 18% on this investment, we are not willing to take more than a 25% chance that the investment leads to a loss of more than 50% of our existing capital.
The organisation has a low risk appetite related to risky ventures and, therefore, is willing to invest in new business but with a low appetite for potential losses.
We will not accept more than a 5% risk that a new line of business will reduce our operating earnings by more than 5% over the next ten years.
A manufacturer of engineered wood products operates in a highly competitive market. To compete, the company has adopted a higher risk appetite relating to product defects in accepting the cost savings from lower-quality raw materials.
The company has set a target for production defects of one flaw per 1,000 board feet. Production staff may accept defect rates up to 50% above this target(i.e. 1.5 flaws per 1,000 board feet) if cost savings from using lower-cost materials is at least 10%.
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
11
Linking Corporate Strategies To Risk Appetite And Control Activities
Risk tolerance
Subordinate objectives:
- Operations - Reporting
- Compliance
Strategy
Strategic objectives Risk appetite
Vision / Mission
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
12
An Illustration on How To Link Strategic Objective To Risk Assessment and Control Activities
The Reality – Strategy and COSO ERM (2004)
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
14
Growing expectation gap – Board needs to do more than just meet the best practices
First role of the Board – growing the pie • A Board’s responsibilities include not only ensuring the pie is shared fairly
among the company’s stakeholders but also, and perhaps more importantly, grow the pie. Many do not appreciate the significance of a Board’s contributions to this growth.
Board must deliver sustainable shareholders value • Board should focus less on short term results and work on long term
strategic issues that can deliver sustainable shareholders value.
McKinsey - “Boards – when best practice Isn’t enough” • Boards are vital stewards, responsible for ensuring the long-term viability
and health of companies under their charge for the benefit of current and future owners. It is therefore not unreasonable to expect Boards to adopt an ownership mind-set. Yet while Boards have improved as a result of reforms, many external directors continue to be passive participants who do not believe that it is their role to challenge management beyond asking a few questions at board meetings.
Case Study 1 – Define Mission and Vision
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
16
What is the mission of these companies?
"Tiger has not been able to, at this stage, convince us that they can continue operations safely, so that's why they're on the ground. We believe this is symptomatic of problems within the airline [and] we've put them on the ground while we consider all these issues."
SMRT Corp will be repositioned as an engineering company, its chairman Koh Yong Guan revealed. 'At the board level, the senior-most person who is responsible for the operation of the rail system was not directly there to answer to the Board,' he said, explaining why he had asked SMRT Train’s executive vice-president Khoo Hean Siang to sit in at board meetings.
“I attend derivatives sales meetings where not one single minute is spent asking questions about how we can help clients. It’s purely about how we can make the most possible money off them. If you were an alien from Mars and sat in on one of these meetings, you would believe that a client’s success or progress was not part of the thought process at all. It makes me ill, how callously people talk about ripping their clients off.”
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
17
What is the mission of these companies?
Léo Apotheker's disastrous tenure as HP's CEO revealed a dysfunctional company struggling for direction after a decade of missteps and scandals. Simply put, Hewlett-Packard has lost its way. The company is in the midst of an existential crisis. It remains a behemoth, No. 10 on the Fortune 500, with $127 billion in sales last year and $7 billion in earnings. But the trajectory is ominous. Those profits, for example, were 19% lower in 2011 than in the previous year. HP's business is under siege on almost every front, losing market share and facing declining margins.
There's nothing fundamentally wrong with the core insurance business units of American International Group Inc. (AIG). Nothing at all. What imploded the venerable insurance giant was an accumulation of misplaced bets on credit default swaps (which is not their core insurance business)
In 2004, Shell announced it had overstated its reserves by around 23 per cent. This amounted to tens of billions of dollars (depending on the future price of oil). The replacement chairman, Jeroen van der Veer, was brought in to restore the company’s credibility. He scrapped bonus schemes linked to oil reserves as he believed they provided an incentive to exaggerate such reserves.
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
18
Lion Air – The higher the climb…the harder the fall
Case Study – Lion Air
18
• Indonesia’s largest privately run airline (79 destination network)
• Rapid fleet • Signed $22B contract with Boeing in
2011 – 230 aircraft • Signed $24B contract with Airbus in
2013 - 234 aircraft • MOU with Boeing for 5 Dreamliners
For: Bullish Growth
• 2011 IATA safety assessments failed • Jul 2011, 13 planes grounded due to poor ‘On
Time Performance’. • Jan 2012 , airline sanctioned as crew and
pilots were in possession of drugs • February 2012, pilot arrested for possession
of drugs • April 2013 , Lion Boeing 737 (1 month old)
crashed in Bali. Investigations ongoing • Lion banned from flying in Europe
Against: Poor Performance & Safety
Case Study 2 – Define Strategic Objectives
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
20
Are these statements strategic objectives
To become Asia largest fast moving consumer product distributors, we intend to open 5,000 stores in all the major cities of Asia within the next five years.
We are losing market share in our product category Alistar. Each year it declines by 5%. It is our aim to maintain market share for Alistar at 40%
Our cost structure in Singapore is not sustainable. The high labour cost and tight labour situation has seriously hampered our growth. Our strategic objective is to find a solution to address these constraints in Singapore
Our mission is to provide cost effective and energy efficient solution to our corporate clients. We have launched a new energy efficient solution to reduce electricity cost by at least 20%.
Case Study 3 – Setting Risk Appetite and Risk Tolerance
Questions - (10 mins)
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
22
Setting Risk Appetite and Risk Tolerance - Question
To become Asia largest fast moving consumer product distributors, we intend to open 5,000 stores in all the major cities of Asia within the next five years.
Key Success Considerations
Setting Risk Appetite Risk Tolerance
Market Entry Strategy
Product Category and Price Strategy
Human Resource and Manpower Strategy
Capital Structure & Financing Strategy
Case Study 3 – Setting Risk Appetite and Risk Tolerance
Answer Key By
TAY WOON TECK 8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
24
Setting Risk Appetite and Risk Tolerance
To become Asia largest fast moving consumer product distributors, we intend to open 5,000 stores in all the major cities of Asia within the next five years.
Key Success Considerations
Setting Risk Appetite Risk Tolerance
Market Entry Strategy We will be selective in defining the major cities in Asia. It has to be a metropolis with high consumer spending so that we can sustain the high rental costs.
1. Disposal income – USD 35,000 per capita
2. Rental cost as a % of sales should be cap at below 20%
3. 2 years of losses with a loss limit cap at $500,000.
Product Category and Price Strategy
Our market segment is the middle and market income segment. The product category and price strategy has to be align to this segment of consumers
1. Price point has to be target at creating demand so that our average $ spending per consumer per visit is $800.
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
25
Setting Risk Appetite and Risk Tolerance
To become Asia largest fast moving consumer product distributors, we intend to open 5,000 stores in all the major cities of Asia within the next five years.
Key Success Considerations
Setting Risk Appetite Risk Tolerance
Human Resources & Manpower Strategy
A critical success factor is our staff has to know the product sufficiently well to advise the consumer appropriately. Our risk appetite is very low for staff who are working on pushing products to consumers without understanding their needs
Product Knowledge Training & Test – 24 hours. Those that pass the test with B grade can be employed.
Capital Structure & Financing Strategy
Our financing model has to ensure that each store is self sustaining within 12 months of operation
Cashflow positive within 12 months
Key Challenges Facing the IA Profession
By TAY WOON TECK
8 MAY 2012
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
27
Key Challenges Facing Singapore Internal Auditors
• See IA more as a necessary evil to comply with regulatory requirements.
• Expectation is to do the minimum at the cheapest price focusing on accounting internal controls.
Business Owner Managed Business
• See IA more as a control and compliance function with very little strategic business value. It is a cost centre.
• Expectation is very little budget is allocated to develop the skillsets of the IA resources to advise on risk management.
Large Cap Business
• Expect IA professionals to be an integral part of the senior management team to advise them on risk management and internal controls.
• Risk Management and Internal Controls must be embedded into the operations and to be monitored on a continuous basis.
Regulators
• Suffers from low morale and staff retention is difficult. • Not ready and equipped to meet the challenges and
requirements of regulators given the mindset of owner managed corporates and large cap corporates.
IA Professionals
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
28
Thank You
Panel Discussion Question & Answers
© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
29
Talk to Us
If you want to know more, contact us and we will be glad to assist you:
Tay Woon Teck Managing Director RSM Ethos Pte Ltd DID: +65 6594 7803 Email: [email protected]
Tan Boon Yen Senior Director RSM Ethos Pte Ltd DID: +65 6594 7549 Email: [email protected]