Chapter 6 – Risk-management as a foundation of organisational success Flashcards
How does risk management reduce uncertainty?
Risk-management can be used as an information-gathering tool. This might include collecting data on past risk events to build a clearer picture of what can occur.
What is the role of anticipation and resilience in risk management?
- Anticipate and predict risk events so that the probability of negative events can be reduced, and that of positive ones increased (note that not all risks can be anticipated)
- As a means to help organisations respond effectively to, and recover quickly from, risk events that have not been anticipated (black-swan events)
What internal control management tools can be used in risk management to support the internal control environment?
- Risk-based compliance reviews – particularly for areas where non-compliance penalties are high or where risk-assessment and monitoring activities suggest that there is a higher risk of non-compliance
- Internal audit – may incorporate compliance reviews to investigate the degree of compliance with applicable laws and regulations
- External audit – reviews on an annual basis whether the financial reporting controls within an organisation are adequate. This is to ensure that the financial statements (FS) are accurate and free from material misstatements
What is the role of the board in risk management?
- Approving the risk-appetite statement
- Setting the strategy that must be reflective of the organisational values and behaviours (corporate culture)
- Challenging management on key risk-appetite assumptions and definitions
- Seeking more comprehensive assurances from management on how non-financial risks are monitored and mitigated, rather than accepting a box-ticking approach
- Encouraging management to discuss risks in relation to the strategy
- Hiring independent external advisors to evaluate risks of acquiring a sizeable business or asset
- Connecting the internal audit function to strategic planning and strategic risk-management processes, as well as calibrating the output from the internal audit reports within the context of strategy
What are the most common barriers that hold organisations back from pursuing strategic risk?
- Corporate culture: management does not support strategic risk-taking initiative
- Lack of risk prioritisation: organisations place higher priority on managing day-to-day risks at the expense of missing the bigger picture
- Failure to perform adequate due diligence: organisations fail to properly conduct risk/benefit analysis that would make management and boards comfortable about taking strategic risks
- **Lack of a designated risk manager** to stay on top of emerging trends and navigate different strategic risk-taking ideas throughout the organisation
What can excessive risk-taking lead to?
Excessive risk-taking may sometimes lead to an organisation assuming greater and less justifiable risks that can erode or completely destroy its value.
This is usually linked to the corporate culture of an organisation through its organisational risk attitude. Risk attitude is defined as a chosen state of mind or a response to a single decision or an action that could result in more than one potential positive or negative outcome.
Enron’s bankruptcy is a prominent reminder of how a corporate culture that encourages arrogance and excessive risk taking can lead to the demise of an organisation. Despite having a 64-page code of ethics in place, Enron failed to adequately monitor and prevent behaviours that were not aligned with its code.
Enron’s corporate culture was described as a culture of arrogance that made people believe that they could take excessive risks without any consequences. Upon its bankruptcy filing, numerous Enron executives were charged with criminal offences, such as fraud, insider trading and money laundering.