Linking Strategic Objectives to Risk Management and Internal Controls 23 April 2015

Upload: tranthuy

Post on 19-Jul-2018


Page 1: Linking Strategic Objectives to Risk Management and ... · Linking Strategic Objectives to Risk Management and Internal ... The Shifting Focus of Internal Audit . ... SMRT Corp will

Linking Strategic Objectives to Risk Management and Internal Controls

23 April 2015


Role of Internal Auditors

By

TAY WOON TECK 8 MAY 2012


© 2015 COSO Academy CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.


The Shifting Focus of Internal Audit

Controls Assurance on Key Accounting Process

• Focus on adequacy of internal accounting controls

• Narrow focus on finance department as a guardian of internal controls

• Accounting compliance and control focus

Controls Assurance on Key Business Process

• Focus on adequacy of controls on key business processes that will have a significant risk of financial losses or financial impairment.

• Broader focus on control activities outside finance. Silo approach to examine each business process using agreed upon procedures.

• Business process compliance and control focus

Risk Centric Approach towards ERM and Controls Activities at Entity-Wide Level

• Holistic approach to integrate corporate governance, risk management, business controls, financial controls and compliance controls

• Linking corporate objectives to risk management to control activities

• Organisation-wide risk centric focus


The Theory – Strategy and COSO ERM (2004)


Linking Enterprise Risk Management to COSO

[Figure: two framework diagrams side by side]

Internal Control System (ICS), by COSO I (COSO Report)

• Components: Control environment, Information & Communication, Control Activities, Risk Assessment, Monitoring

• Dimensions: Unit A, Unit B, Activity 1, Activity 2

Risk Management System, by COSO II (ERM Framework)

• Components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring

• Levels: Entity-Level, Division, Business Unit, Subsidiary


Event Identification – Opportunities and Risks

[Figure: COSO ERM components (Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring) shown across Entity-Level, Division, Business Unit and Subsidiary]

Flow shown: Objective Setting; Event Identification; Opportunities / Risks; Risk Assessment; Risk Response …


How Should Board Work with Management on Risk Governance?

• The Board develops and communicates clearly its understanding of its risk appetite, both to determine which objectives to pursue and to manage those objectives within the organisation’s appetite for risk.

• Risk appetite is the amount of risk, on a broad level, an organisation is willing to accept in pursuit of value. Each organisation pursues various objectives to add value and should broadly understand the risk it is willing to undertake in doing so.

Source: www.coso.org


What the Board Should Consider in Setting Risk Appetite?

Source: www.coso.org


The Board should Link Risk Appetite to Strategic Objectives

Source: www.coso.org


Examples of Risk Appetite and Risk Tolerance Statements

Example 1

Risk Appetite: The organisation has a higher risk appetite related to strategic objectives and is willing to accept higher losses in the pursuit of higher returns.

Risk Tolerance: While we expect a return of 18% on this investment, we are not willing to take more than a 25% chance that the investment leads to a loss of more than 50% of our existing capital.

Example 2

Risk Appetite: The organisation has a low risk appetite related to risky ventures and, therefore, is willing to invest in new business but with a low appetite for potential losses.

Risk Tolerance: We will not accept more than a 5% risk that a new line of business will reduce our operating earnings by more than 5% over the next ten years.

Example 3

Risk Appetite: A manufacturer of engineered wood products operates in a highly competitive market. To compete, the company has adopted a higher risk appetite relating to product defects in accepting the cost savings from lower-quality raw materials.

Risk Tolerance: The company has set a target for production defects of one flaw per 1,000 board feet. Production staff may accept defect rates up to 50% above this target (i.e. 1.5 flaws per 1,000 board feet) if cost savings from using lower-cost materials is at least 10%.


Linking Corporate Strategies To Risk Appetite And Control Activities

[Figure: hierarchy diagram, from top to bottom]

• Vision / Mission

• Strategy

• Strategic objectives; Risk appetite

• Subordinate objectives (Operations, Reporting, Compliance); Risk tolerance


An Illustration on How To Link Strategic Objective To Risk Assessment and Control Activities


The Reality – Strategy and COSO ERM (2004)


Growing expectation gap – Board needs to do more than just meet the best practices

First role of the Board – growing the pie

• A Board’s responsibilities include not only ensuring the pie is shared fairly among the company’s stakeholders but also, and perhaps more importantly, growing the pie. Many do not appreciate the significance of a Board’s contributions to this growth.

Board must deliver sustainable shareholder value

• Board should focus less on short term results and work on long term strategic issues that can deliver sustainable shareholder value.

McKinsey - “Boards – when best practice isn’t enough”

• Boards are vital stewards, responsible for ensuring the long-term viability and health of companies under their charge for the benefit of current and future owners. It is therefore not unreasonable to expect Boards to adopt an ownership mind-set. Yet while Boards have improved as a result of reforms, many external directors continue to be passive participants who do not believe that it is their role to challenge management beyond asking a few questions at board meetings.


Case Study 1 – Define Mission and Vision


What is the mission of these companies?

"Tiger has not been able to, at this stage, convince us that they can continue operations safely, so that's why they're on the ground. We believe this is symptomatic of problems within the airline [and] we've put them on the ground while we consider all these issues."

SMRT Corp will be repositioned as an engineering company, its chairman Koh Yong Guan revealed. 'At the board level, the senior-most person who is responsible for the operation of the rail system was not directly there to answer to the Board,' he said, explaining why he had asked SMRT Train’s executive vice-president Khoo Hean Siang to sit in at board meetings.

“I attend derivatives sales meetings where not one single minute is spent asking questions about how we can help clients. It’s purely about how we can make the most possible money off them. If you were an alien from Mars and sat in on one of these meetings, you would believe that a client’s success or progress was not part of the thought process at all. It makes me ill, how callously people talk about ripping their clients off.”


What is the mission of these companies?

Léo Apotheker's disastrous tenure as HP's CEO revealed a dysfunctional company struggling for direction after a decade of missteps and scandals. Simply put, Hewlett-Packard has lost its way. The company is in the midst of an existential crisis. It remains a behemoth, No. 10 on the Fortune 500, with $127 billion in sales last year and $7 billion in earnings. But the trajectory is ominous. Those profits, for example, were 19% lower in 2011 than in the previous year. HP's business is under siege on almost every front, losing market share and facing declining margins.

There's nothing fundamentally wrong with the core insurance business units of American International Group Inc. (AIG). Nothing at all. What imploded the venerable insurance giant was an accumulation of misplaced bets on credit default swaps (which is not their core insurance business)

In 2004, Shell announced it had overstated its reserves by around 23 per cent. This amounted to tens of billions of dollars (depending on the future price of oil). The replacement chairman, Jeroen van der Veer, was brought in to restore the company’s credibility. He scrapped bonus schemes linked to oil reserves as he believed they provided an incentive to exaggerate such reserves.


Lion Air – The higher the climb…the harder the fall

Case Study – Lion Air

For: Bullish Growth

• Indonesia’s largest privately run airline (79 destination network)

• Rapid fleet

• Signed $22B contract with Boeing in 2011 – 230 aircraft

• Signed $24B contract with Airbus in 2013 - 234 aircraft

• MOU with Boeing for 5 Dreamliners

Against: Poor Performance & Safety

• 2011 IATA safety assessments failed

• Jul 2011, 13 planes grounded due to poor ‘On Time Performance’.

• Jan 2012, airline sanctioned as crew and pilots were in possession of drugs

• February 2012, pilot arrested for possession of drugs

• April 2013, Lion Boeing 737 (1 month old) crashed in Bali. Investigations ongoing

• Lion banned from flying in Europe


Case Study 2 – Define Strategic Objectives


Are these statements strategic objectives?

To become Asia's largest fast moving consumer product distributor, we intend to open 5,000 stores in all the major cities of Asia within the next five years.

We are losing market share in our product category Alistar. Each year it declines by 5%. It is our aim to maintain market share for Alistar at 40%

Our cost structure in Singapore is not sustainable. The high labour cost and tight labour situation has seriously hampered our growth. Our strategic objective is to find a solution to address these constraints in Singapore

Our mission is to provide cost effective and energy efficient solution to our corporate clients. We have launched a new energy efficient solution to reduce electricity cost by at least 20%.


Case Study 3 – Setting Risk Appetite and Risk Tolerance

Questions - (10 mins)


Setting Risk Appetite and Risk Tolerance - Question

To become Asia's largest fast moving consumer product distributor, we intend to open 5,000 stores in all the major cities of Asia within the next five years.

Table columns: Key Success Considerations; Setting Risk Appetite; Risk Tolerance

Key Success Considerations listed (Setting Risk Appetite and Risk Tolerance columns left blank):

• Market Entry Strategy

• Product Category and Price Strategy

• Human Resource and Manpower Strategy

• Capital Structure & Financing Strategy


Case Study 3 – Setting Risk Appetite and Risk Tolerance

Answer Key

Setting Risk Appetite and Risk Tolerance

To become Asia's largest fast moving consumer product distributor, we intend to open 5,000 stores in all the major cities of Asia within the next five years.

Key Success Consideration: Market Entry Strategy

Setting Risk Appetite: We will be selective in defining the major cities in Asia. It has to be a metropolis with high consumer spending so that we can sustain the high rental costs.

Risk Tolerance:

1. Disposable income – USD 35,000 per capita

2. Rental cost as a % of sales should be capped at below 20%

3. 2 years of losses with a loss limit capped at $500,000.

Key Success Consideration: Product Category and Price Strategy

Setting Risk Appetite: Our market segment is the middle and market income segment. The product category and price strategy has to be aligned to this segment of consumers.

Risk Tolerance:

1. Price point has to be targeted at creating demand so that our average $ spending per consumer per visit is $800.


Setting Risk Appetite and Risk Tolerance

To become Asia's largest fast moving consumer product distributor, we intend to open 5,000 stores in all the major cities of Asia within the next five years.

Key Success Consideration: Human Resources & Manpower Strategy

Setting Risk Appetite: A critical success factor is that our staff have to know the product sufficiently well to advise the consumer appropriately. Our risk appetite is very low for staff who are working on pushing products to consumers without understanding their needs.

Risk Tolerance: Product Knowledge Training & Test – 24 hours. Those that pass the test with B grade can be employed.

Key Success Consideration: Capital Structure & Financing Strategy

Setting Risk Appetite: Our financing model has to ensure that each store is self-sustaining within 12 months of operation.

Risk Tolerance: Cashflow positive within 12 months


Key Challenges Facing the IA Profession


Key Challenges Facing Singapore Internal Auditors

Business Owner Managed Business

• See IA more as a necessary evil to comply with regulatory requirements.

• Expectation is to do the minimum at the cheapest price focusing on accounting internal controls.

Large Cap Business

• See IA more as a control and compliance function with very little strategic business value. It is a cost centre.

• Expectation is very little budget is allocated to develop the skillsets of the IA resources to advise on risk management.

Regulators

• Expect IA professionals to be an integral part of the senior management team to advise them on risk management and internal controls.

• Risk Management and Internal Controls must be embedded into the operations and to be monitored on a continuous basis.

IA Professionals

• Suffers from low morale and staff retention is difficult.

• Not ready and equipped to meet the challenges and requirements of regulators given the mindset of owner managed corporates and large cap corporates.


Thank You

Panel Discussion Question & Answers


Talk to Us

If you want to know more, contact us and we will be glad to assist you:

Tay Woon Teck Managing Director RSM Ethos Pte Ltd DID: +65 6594 7803 Email: [email protected]

Tan Boon Yen Senior Director RSM Ethos Pte Ltd DID: +65 6594 7549 Email: [email protected]