EVALUATING RISK MANAGEMENT AND CORPORATE GOVERNANCE SYSTEMS IN INTERNAL AUDITING

managements

ALTE DOCUMENTE

PERSONAL EFFECTIVENESS

11 Rules of Work Etiquette For The Boss

7 tips in advance

The 21 Irrefutable Laws of Leadership

NATIONAL COMPANY FOR MOTORWAYS AND NATIONAL ROADS S.A.

Project example - how to develop and write

People Whose Ideas Influence Organisational Work Frederick Winslow Taylor - Scientific Management (1856-1915)

Experiential ways of Team-Building

Want to Get More at the Bargaining Table? Learn to Flinch at Proposals

Never Say Yes to the First Offer

EVALUATING RISK MANAGEMENT AND CORPORATE GOVERNANCE SYSTEMS IN INTERNAL AUDITING

Abstract

The nature of the internal auditing activity is defined by a systematic and methodical approach of evaluating and improving the relevance and efficiency of the processes of risk management, of control and of corporate governance and the quality level achieved by fulfilling the assigned tasks. Evaluating the pertinence of risk management, control and corporate governance processes has the goals to offer a reasonable warranty, that the said processes are working as anticipated and that they do allow the comp 737r172h any to reach its purposes and to propose recommendations for improving the operating way of the company with regard to efficiency and effectiveness.

The internal audit service periodically evaluates the ethic environment within the company and the effectiveness of strategies, tactics, communication and other processes, applied in order to achieve the desired level of compliance with the legal provisions and with the standards of ethics.

Key words: internal auditing and risk management, corporate governance systems, efficiency, effectiveness, and ethics performance.

The role of internal auditing in the risk management process

Risk management implies a process of identification, evaluation management and control of possible events and situations, in order to provide a reasonable warranty of achieving the company's goals. Internal auditing plays a key part in the company's risk management and corporate governance processes. The object of the practical implementation of the standards is to help internal auditors define their role in the risk management process of a company, yet without excluding taking into consideration other elements as well.

For defining the role of internal auditing in the risk management process of a company, certain recommendations have to be taken into consideration, such as:

a) Risk management is a major responsibility of the management, whose obligation is to ensure the implementation and good work of the risk management processes, in order to achieve the company's goals.

b) b) The main goals of auditing are normally evaluating the company's risk management processes and providing information related to the evaluation.

c) The person responsible for internal auditing has to know the expectations of the management and the board of directors with regard to the role of internal auditing in the company's risk management process.

d) The responsibilities and activities of all persons who are implied individually or as a group in the company's risk management process have to be coordinated.

To exemplify, such activities and responsibilities consist in:

defining strategic orientations that are the responsibility of the board of directors or of a committee;

responsibilities relating to risks may be the responsibility of the general management;

accepting residual risks may be the responsibility of the managing staff. Residual risk is the risk that remains after the management has taken the necessary steps for reducing the impact and the probability of the occurrence of an undesired event, even after taking control steps as an answer to the respective risk.

the continuous operations of identification, evaluation, mitigation and monitoring, which may be the responsibility of the executing staff;

the periodical evaluations and warranty provision that may be the responsibility of internal auditors.

e) Internal auditors are expected to identify and evaluate the significant risk exposures within their current activities.

f) The role of internal auditing in the risk management process of a company may evolve in the course of time, and may be performed as follows:

no internal auditing intervention;

auditing the risk management process within the internal auditing programme;

actively and continuously supporting the risk management process and participation in it, especially in the supervising and monitoring committees and by means of providing reports regarding this process;

managing and coordinating the risk management process.

g) The managing staff and the audit committee have the responsibility of determining the role of internal auditing in the risk management process. The management's opinion about the role of internal auditing depends on several factors, such as the company's culture, the internal auditors' competence, the local conditions and the usance in the respective country.

h) There are certain guidelines regarding the role of internal auditing in the risk management process and recommendations contained in the practical ways of implementation, regarding the following: the role of internal auditing in absence of a risk management process, the internal auditors' responsibilities from other functions, the evaluation of the risk management process and taking into consideration of risks in elaborating the audit programme.

Evaluating the risk management process

During their counselling mission, internal auditors approach the risks according to the goals of their mission and take into consideration the existence of other significant risks.

In the process of identifying and evaluating the company's risk exposure, internal auditors include their information about the risks obtained from their counselling mission.

Internal auditors have the obligation to ensure that:

the groups or individuals involved in corporate governance, including the board of directors and the audit committee, understand the methodology;

the risk management process does achieve the following goals: the risks implied by the company's strategies and activities are identified and hierachised;

the management and the board of directors set a risk level that is acceptable for the company, including the risks assumed for implementing the company's strategic plans;

activities of risk mitigation are created and implemented, in order to reduce or manage the risks, taking into consideration the limits of acceptability, set by the management and the board of directors;

permanent monitoring of activities is performed, in order to periodically re-evaluate the risks and the effectiveness of the controls that allow risk management;

reports regarding the results of risk management processes are periodically provided to the board of directors and to the general management. Corporate governance processes have to provide to the persons involved a periodical presentation of the risks, risk strategies and controls.

In order to formulate a professional opinion regarding risk management processes, internal auditors have to:

ensure that the methodology used is exhaustive and adapted to the nature of the company's activities;

to have enough evidence to prove that the main goals of risk management processes are adequately achieved.

Internal auditors make use of procedures such as:

researching and analysing information and references regarding the company's field of activity, its recent evolution and tendencies, as well as any other relevant source of information, in order to determine the risks that could affect the company and the control procedures used for managing, monitoring and re-evaluating those risks;

examining the company's policies and the minutes of deliberation of the board of directors and of the audit committee in order to determine the company's strategies, its approach regarding risk management and its acceptance of risks;

examining the reports of risk evaluation prepared bay the management, by internal or external auditors and from time to time by other sources that are competent to prepare such reports;

organising meetings with the persons responsible for operating and with their managers in order to set the goals of each branch of activity, the risks they imply and the steps taken by the management with regard to monitoring, control and mitigation of the risks;

acquiring information for evaluating, independently, the effectiveness of the risk monitoring, notification and mitigation process and the corresponding control activities;

checking whether the information or reports regarding risk monitoring have been transmitted to the appropriate hierarchic level and whether the reports regarding the results of risk management have been transmitted by the appropriate means and respecting the set deadlines;

ensuring that the risk analysis performed by the management and the steps taken in order to solve the problems raised within the risk management process, have exhaustive character and proposing solutions for improving the situation;

appreciating the effectiveness of the self-evaluation process adopted by the management, relying on observations and tests regarding the monitoring and control procedures, that check the accuracy of the information used in monitoring activities and relying on other relevant techniques;

examining possible weak points in the risk management strategies and from time to time analysing them together with the management, the audit committee and the board of directors.

Contribution of internal auditing to the company's governance process

Internal auditing makes evaluation and also important recommendations for improving the corporate governance process in order that the following goals are achieved:

promoting ethical values within the company;

ensuring a responsible company management that works efficiently;

effectively reporting the risks and information about control to the adequate structures within the company;

effectively coordinating activities and reporting the information among the management, the internal and external auditors and the board of directors.

Internal auditing may promote and defend ethics in different ways, such as:

appointing from the company's employees a person responsible for ethics, a mediator, a person responsible for conformity, a manager's counsellor or an expert in the field of ethics;

appointing from the company's employees, or from the members of the audit committee a person responsible for evaluating the ethical environment within the company.

The internal audit service periodically evaluates the ethic environment within the company and the effectiveness of strategies, tactics, communication and other processes applied in order to achieve the desired level of compliance with the legal provisions and with the standards of ethics.

Document Info

Accesari: 723
Apreciat:

Comenteaza documentul:

Nu esti inregistrat
Trebuie sa fii utilizator inregistrat pentru a putea comenta

Creaza cont nou

A fost util?

Daca documentul a fost util si crezi ca merita
sa adaugi un link catre el la tine in site

Copiaza codul:
in pagina web a site-ului tau.

eCoduri.com - coduri postale, contabile, CAEN sau bancare

Politica de confidentialitate | Termenii si conditii de utilizare