In the present work, the objective is to elaborate a procedure for the identification, evaluation and hierarchization of risks in the international legal consulting activity. A detailed bibliographic review of the subject of Internal Control Risk Management was carried out through the theoretical foundation and the general principles of Administration and identification of risks, as well as the functions for understanding this matter and the main purposes, obtaining as a result of the application of the procedure the necessary elements to evaluate the effectiveness of the internal control system in the entity
INTRODUCTION
In the past, the main dangers and risks were associated with nature and natural disasters, now, they are primarily attributed to human actions and decisions, not only due to recklessness, but in most cases due to the incapacity of the human being to foresee the distant effects of its technological and social role.
Ecological, genetic, financial and other risks are typical of civilization, many of them are difficult to perceive before the damage occurs. That is one of the reasons why in recent decades risk has become a key category in the human condition and in the social sciences of our time.
Due to the economic, industrial, regulatory and operational conditions that are continuously modified, mechanisms are necessary to identify and minimize the specific risks associated with the change, which is why the need to manage them is increasing.
For a long time, a peculiar feature of the Cuban practice in risk management consisted in the fact that the works had an eminently operational focus, and very few addressed the economic-financial edge, as a summarized expression of the impact of risks on the general position of the objective analyzed.
Resolution 60/11 states that internal control has been designed essentially to limit the risks that affect the activities of entities. Through the investigation and analysis of the relevant risks and the extent to which the current control neutralizes them, thus evaluating the vulnerability of the system.
Internal control and risk management are two essential elements, which must be considered similarly within an organization.
Every entity must create its own tools for risk management and prevention, this component must become a natural part of the strategic planning process, where such management and prevention is assumed as an essential need and a key instrument to develop the control objectives. Internal, it must be carried out through a continuous and basic process for the organization, a constant review, update and improvement of internal control, based on a specific risk detection and assessment system with the characteristics of the entity.
In risk management and prevention, it is considered that in addition to diagnosing them at the company level, they must be identified and analyzed at the level of activity, department and operation in order to estimate their importance, and establish control activities that guarantee to the maximum its management.
The International Legal Consulting is a company that stands out in providing legal services to individuals, national and foreign legal entities based in Cuba and abroad.
The International Legal Consultancy has identified and evaluated the risks in accordance with Resolution 297/2003. But it does not carry out any risk analysis and among the factors that affect this situation is the absence of a procedure to identify and measure the possible impact of the evaluated risks and their ranking to comply with the second component of current Resolution 60/2011 by What is stated the following problem:
How to manage risk in the legal consulting activity through the internal control system?
The following is derived as an objective:
Prepare a procedure for the identification, evaluation and ranking of risks in the legal consulting activity.
Plotting as research tasks:
- Analysis of the theoretical framework regarding risk management in its relationship with internal control. Diagnosis of current risk management in the entity. Proposal of a procedure for risk management, based on the contextualized application of methods and techniques. described in the bibliography on the topic Review and refinement of Risk Identification Risk estimation, Change Detection and Determination of control objectives to comply with the second component of resolution 60/2011.
By completing these tasks, the following hypothesis is reached:
If a technique-based procedure is applied to identify the effect and rank risks in the international legal consulting activity, it will contribute to the effectiveness of risk management in this entity.
The thesis has the following structure:
The thesis is structured in introduction, three chapters, conclusions and recommendations, bibliography and annexes.
The first chapter deals with the conceptual theoretical foundation on risk management as well as the methods and techniques for identifying and evaluating risk.
The second chapter presents the characterization of the International Legal Consulting.
In the third chapter, the proposed procedure and its application in branches throughout the country in the International Legal Consultancy are validated.
The scientific novelty is manifested in the adaptation of risk management techniques to the particularities in which this company operates that have their expression in the designed procedure.
Methods and techniques
To comply with the tasks outlined, the following theoretical research methods were used:
Prouty frequency criterion method: the risks are classified according to the frequency of loss criterion when events occur.
Severity or financial criteria method: risks are classified according to the impact they have on the entity.
Judgment was also used using the statistical criterion of the mode corresponding to the value with the highest relative frequency.
Standard questionnaires on loss exposures, developed by many organizations over the years, are also used.
The empirical methods used were:
The interview: To obtain direct, broad and open information, both with managers and with specialists related to the activity of International Legal Consulting.
The documentary study: To review all the documentation related to the International Legal Consulting.
Prevention Plan Year 2014, International Legal Consulting.
General Organization of Legal Consulting.
Inspections Performed at the International Legal Consulting.
Legal Consulting Procedures Manual.
In addition, the SPSS was used as a statistical package for the survey procedure.
DEVELOPING
Theoretical Considerations
Business risk management
Risk management is the discipline that combines the financial, human, material and technical resources of the company, to identify and evaluate potential risks and decide how to manage them with the optimal combination of cost-effectiveness.
According to Fred Weston and Eugene F. Brigham, risk refers to the probability of occurrence of an unfavorable event. A concept of risk from Saíz's point of view is the following: “The risk is linked to the uncertainty that generally surrounds any economic event, in the sense of contingencies that can cause losses. It comes to be the opposite side of security. The risk increases over time. " For his part, Dr. Antonio Vico states that risk is a fortuitous and uncertain event resulting from human actions, or the action of an external cause, which may intervene in the scope of the goals set, causing direct or indirect damage to the heritage.
According to Knight (sa) the risk is the probable uncertainty, while on the other hand Sharpe and Brealey (sa) state that it is the weighting of both the positive and negative deviations of the results, however for Galesne the risk arises when in a project On the one hand, the uncertainty of the results converge and, on the other, the undesirable nature of some of those results.
Although there are several definitions of risk management, all agree that it is a logical and systematic method to identify, evaluate and manage the risks associated with any activity, function or process, in a way that allows the entity that performs it, take advantage of expansion opportunities, minimizing losses.
What is common to these definitions is that they recognize that risk management is an activity that the company must carry out and that it has an impact on its results.
From the point of view of the scope of risk management, it is given by COSO (2004), in its report it indicates that business risk management is a process, carried out by the entity's management, directors and other personnel, applied to the strategy and the establishment of objectives and that is developed throughout the organization, aimed at identifying potential events that may affect the entity and manage the risks within its risk appetite to provide reasonable security in achieving the objectives of said entity.
Risk management is the discipline that combines the financial, human, material and technical resources of the company, to identify and evaluate potential risks and decide how to manage them with the optimal combination of cost-effectiveness.
Risk Management in Cuba
In Cuba, the legislation that covers how each company must manage risk according to its characteristics is Resolution 297 of 2003 issued by the now-defunct Ministry of Audit and Control, today the General Comptroller of the Republic. Which has five components and the second is the risk assessment that this research deals with.
The risk management and prevention component
Finally, the current Resolution 60/2011 (MAC, 2011), establishes in its Second Section (Risk Management and Prevention), article 11, subsection A, last paragraph, that: “Once the risks have been identified, they are analyzed, applying for it the principle of relative importance, determining the probability of occurrence and, where possible, quantifying an estimated assessment of the affectation or loss of any kind that could be caused ”.
What happens to many of the specialists, sometimes not exactly economists, and even when this is the case, who are faced with the challenge of preparing prevention plans and quantifying the associated risks, is that there is no methodological procedure for the execution of the task, which otherwise deals with risk in its subjective nuance.
Subjective risk, better known as risk perception, is an area that is at a relative disadvantage with respect to objective risk, quantifiable in the hands of experts when the aforementioned data is available. For example, in the business environment, the quantification of probabilities of events that occurred, but not adequately recorded, as well as consequences related to loss of prestige, but not appropriately valued from the economic point of view, are examples of subjectivities that make evaluation difficult. of risk. In the case of subjective risk, the interpretation of hazards depends, among others, on a diversity of factors that vary according to individual characteristics, cultural and income levels, demographic characteristics, social groups, beliefs,nature of company and / or state risks and policies. This diversity of nuances represents a real challenge for the analyst who must carry out the complex task of analyzing subjective risk.
The consequence of the aforementioned disadvantage is that the quantification of risks is avoided in most prevention plans drawn up in Cuban entities. In fact, the final formats of the prevention plans that are drafted according to current legal requirements (MAC, 2011, p. 28), exclude the Consequences or Losses resulting from the “Possible negative manifestations”, the Frequency values of the manifestations, the losses associated with the consequences and, finally, the Risk derived from said product. The lack of this result prevents the more objective prioritization of risks.
Classification of risks
In order to study the risk, it is necessary to establish its classification, for this there are different authors, who give their classifications, we will only comment on some of them:
Static and dynamic risks
Fundamental and particular risks
Financial and non-financial risks
Pure and speculative risks
Risk identification format:
1-Process;
2-Purpose of the process;
3-Causes;
4-Risk;
5-Description
6-Effects
Characterization of the International Legal Consulting.
The International Legal Consulting is an entity established under Decree Law No. 77, of January 20, 1984, on civil service companies, by virtue of Public Deed number 175, authorized by Attorney Pedro Rodríguez Chacón, who was a Notary Public of the Special Notary of the Ministry of Justice, in charge of the Directorate of Registries and Notaries of that Ministry, on May 14, 1986. It was registered in the Central Register of Anonymous Companies in book 161, folio 110, sheet 1642, section second, first registration, and in the Second Mercantile Registry of Havana in book 669, folio 110, page 6723, first registration, as it results from the founding deed and the corresponding registry certification, issued on May 12, 1995.
It has its legal address at Calle 16 No. 314 between 3rd and 5th avenue, Miramar, Playa Municipality, Havana Province.
International Legal Consulting is a leading entity in the national market, a position reached by the diversity of the service portfolio, which allows us to provide a wide range of legal services to natural and legal persons, national and foreign, based in Cuba and abroad, referred to assistance and representation before the State Bodies, Courts, Prosecutors, Courts of Arbitration, in all branches of Law, as well as notary services, immigration and documentary procedures and the sale of Insurance Policies.
The entity's mission is “to provide legal services to national and foreign natural and legal persons based in Cuba and abroad, referring to assistance and representation before State Organizations, Courts, Prosecutor's Office, Immigration Procedures, for breach of obligations and in general all kinds of legal services ".
The vision is “to be a leading company in the national market, a position achieved by the diversity of our product portfolio, the specialization, quality and comprehensiveness of services, and the training, professionalism, talent and experience of our legal body that has allowed us position and establish ourselves competitively in the international market, being distinguished and recognized for the efficiency and effectiveness of our performance based on the full satisfaction of customers.
Its logo is as follows:
They are functions of the International Legal Consulting.
- Comply and enforce current legislation Organize, direct and control the provision of services Project and execute your plans and budgets, as well as the objectives and goals to be achieved in each period and periodically control their compliance Apply the policy of stimulation and sanction approved in the entity. Organize, direct, supervise and control the compliance of the control and prevention system that guarantees the preservation of resources and avoids any criminal manifestation. Facilitate adequate communication with workers in general; At the same time promote greater participation of the latter in the processes of direction, decentralization and administration of the resources assigned to them. Participate and support the process of innovation and rationalization,in a way that enables the acquisition and incorporation of new scientific and technical knowledge into the activity it carries out. Respond to the corresponding body for the quality of the work carried out in the sphere of administrative management. Guarantee the application of strategic planning, policies and values of the entity.Determine the training needs in its sphere of action.Participate in the process of planning and control of compliance with the measures for the stimulation of workers.Control the compliance with safety and health measures in the work and preservation of the environment in its sphere of action. Analyze the behavior of its costs and expenses and apply measures to reduce it. Contribute to improving the entity's corporate image.Keep up-to-date with the laws issued by the country; dominate and comply with those that correspond to it by law. Prepare and implement the regulatory base of the entity. Prepare and update the strategy; Periodically assess their compliance at the Board of Directors, taking the necessary measures to rectify deviations. Ensure that each level of management has the functions and powers in accordance with the established structure and that the appropriate personnel have been selected for their performance.. Prepare, regulate and apply the operation of the collective management bodies.Periodically assess their compliance at the Board of Directors, taking the necessary measures to rectify deviations. Ensure that each level of management has the functions and powers in accordance with the established structure and that the appropriate personnel have been selected for their performance.. Prepare, regulate and apply the operation of the collective management bodies.Periodically assess their compliance at the Board of Directors, taking the necessary measures to rectify deviations. Ensure that each level of management has the functions and powers in accordance with the established structure and that the appropriate personnel have been selected for their performance.. Prepare, regulate and apply the operation of the collective management bodies.
Risk assessment diagnosis
To be able to carry out the Financial Administration of Business Risk in the International Legal Consultancy of Camagüey. First, it was necessary to carry out a diagnosis, to know the preliminary situation that the company has.
To do this, a survey was carried out to 100% of the population, that is, to all the workers of the entity.
All recognized that the Prevention Plan exists, which is updated and consultation with workers. When asked about the periodicity with which it should be done, the criteria were very varied, and none in particular is suggested, so the frequency established in the current regulations was assumed.
In addition, for diagnosis the Self-control guide of the
This year's Internal Control System issued by the General Comptroller of the Republic of Cuba, specifically the Risk Assessment Component, detecting that the areas, processes, subprocesses and risks associated with them are not identified. Determining what is presented below:
The processes, threads and activities are not identified for each area and in the entity in general.
The risks that affect the fulfillment of the objectives and goals of the entity are not identified, for each process, thread and activity.
The Plan of Measures for the Prevention of Discipline is prepared, Illegalities and manifestations of Corruption (Prevention Plan)
Compliance with the measures of the Prevention Plan is reviewed on the date on which it is verified.
There are no deficiencies or irregularities related to indisciplines, illegalities or manifestations of corruption that are not identified in the prevention plan as possible manifestations and measures to take.
The Prevention Plan is analyzed and updated with the participation of the workers.
The opportunities, threats, strengths and weaknesses for each area and in the entity in general are not identified.
The frequency with which risks are presented is not determined.
The probable loss that the risks may cause is not quantified.
The specific objectives to be controlled are not determined.
Control procedures are not established to prevent risks from occurring.
The measures to be adopted to face the risks effectively and economically are not implemented.
There is no follow-up and the variation in the risks is evaluated to determine how they have changed and whether their incidence has increased or decreased.
The established controls are not modified, based on the monitoring and evaluation of the variation in risks.
Methodology
Process identification methodology.
Phase 1: A methodology is established that aims to support the processes in the different services:
Define the mission of the service.
Identify clients and their needs:
Identify strategic processes, key processes and support processes.
You can talk about three types of processes:
- Strategic processes: Fundamental processes Support processes
Once the fundamental processes of the Service have been defined, their owners or managers must be assigned.
The processes must be developed in such a way that it is sufficiently clear what steps must be taken to carry it out.
Risk Assessment Component
In Consultoría Jurídica Internacional, SA, there is no work standardization activity because the characteristics of the specialized services it provides are not possible to predetermine the time, nor the way that will be used to complete the work, always with the objective that it is in the shortest possible time.
The provision of services is designed so that clients receive them as quickly as possible. To do this, a multi-office policy has been put into practice. The entity's mission is correctly defined and clients have been identified according to the services it provides, so it is necessary to identify the areas, processes and sub-processes in order to identify the risks and manage it correctly.
Strategic processes
Area: Administration.
Process: Strategic plan.
Responsible: Director of the branch.
Features:
Fundamental processes
Area: Migratory and documentary procedures.
The proposal for this step, shown below, was submitted to the criteria of the specialists to identify the risks and analyze which are the real and relevant risks in the area of immigration and documentary procedures.
1 is not risk, 2 is not relevant, 3 is relevant, 4 is relevant, 5 is very relevant
Phase 2: Risk assessment
Step 1: Based on the assumed criteria, the scale of frequency of occurrence and the impact of risks was applied.
The services provided are shown below:
| Description |
| Passport extension to people residing abroad |
| Extension of stay in other countries |
| Obtaining a Migratory Movement Certificate |
| Obtaining the Casuistry Certificate |
| Obtaining Certificate of Study Program and Thematic Plan |
| Obtaining a Graduate Certificate or Title |
| Obtaining a Study Program |
| Obtaining the Thematic Plan |
| Obtaining Certification of Notes |
| Obtaining a criminal record |
| Obtaining Certification of registry documents |
| Legalization of MINREX Teaching Documents |
| Legalization of OACE Teaching Documents |
| Legalization in the MINREX Registry Documents |
| ESTI translation |
| Handling and sending documents |
To determine the criterion for measuring frequency, the frequency mode was identified by the statistical method.
(1) Uncommon (2) Moderate (3) Frequent
| Risks | Frequency | fashion | |||||
| one | two | 3 | 4 | 5 | 6 | ||
| 1. Stop making the pre-invoice model for the payment of the provision of customer service. | one | two | two | two | one | two | Moderate |
| 2. Requests in the DIE for paperwork from people who have not hired our services and include our intervention using work relationships as officials in that institution and not requiring the presence of payment receipt | two | 3 | one | two | two | two | Moderate |
| 3. Collection of immigration procedures using mechanisms other than those officially established, negligently. | one | two | one | one | one | one | Infrequent |
| 4. Preparation of passport extension to people residing abroad not being in Cuba and not reviewing the passport documentation. | two | two | one | one | one | one | Infrequent |
| 1. Undue charge for obtaining unfinished teaching documents. | two | 3 | two | one | two | two | Moderate |
| 2. Failure to comply with the established term of the processing of the process of the clients and for the client not fulfilling its objective due to the delay of the procedure, this can bring with it cash refund. | 3 | 3 | 3 | 3 | two | two | Frequent |
| 3. Limitations in the procedures due to difficulties in receiving and printing documents due to the poor technical condition of the fax and printers. | 3 | 3 | 3 | 3 | two | one | Moderate |
| 4. Error by the Technician in filling out forms to obtain and legalize Criminal Records. | two | two | 3 | 3 | 3 | 3 | Moderate |
| 5. Processing by SACI of falsified contracts and documents of legalization or obtaining documents for not requiring a photocopy of the payment receipt on the back of the contract. | 3 | 3 | 3 | two | one | two | Moderate |
| 6. Not being able to contract documents to translate due to not having a margin of completion by the SACI translator | 3 | 3 | 3 | 3 | two | 3 | Frequent |
| 7. Processing of documents to the institutions and these not requiring a photocopy of the contract and payment receipt. | one | one | one | two | one | two | Infrequent |
Measures to identify the impact.
| level | Denomination | Description |
| one | Mild | The financial impact of lost or lost income is from 1 to 4% of the total in the year. |
| two | Moderate | The financial impact of lost or lost income is from 5 to 8% of the total for the year. |
| 3 | Serious | The financial impact of the losses or income not received is from 9 to 12% of the total for the year. |
| 4 | Catastrophic | The financial impact of the losses or income not received is 12 to 15% of the total for the year. |
In order to identify the impact of the risks, the average value of the frequency was found. The impact = average value (X) the frequency. And in order to determine the impact evaluation, the particularities of the type of service and the total amount paid for this activity annually, which is provided in this entity, mainly income from migratory and documentary services, were taken into account.
Example: $ 27000.00 X 3 = $ 81000.00
$ 81000.00 / $ 2632490.00 = 0.030 X 100 = 3%
Minor Impact: The financial impact of lost or lost income is from 1 to 4% of the total in the year.
58,500.00 X 3 = 175,500.00
175,500.00 / 2632490.00 = 0.066 X 100 = 7%
Moderate Impact: The financial impact of lost or lost income is from 5 to 8% of the total for the year.
Step 2: Ranking the risks using the statistical mode method.
Taking into consideration that this area is of vital importance for development after the identification and evaluation of risks, the analysis was applied by two of the Fashion Statistics methods, where the importance of the risks identified by the author is evident, when see the possible measures to be taken.
Phase 3: Preparation of the prevention plan
The prevention plan is presented in Annex 6, due to its length. It includes the identification of the processes associated with a particular area (migratory and documentary procedures), the risks, possible negative manifestations, impact, ranking, measures to apply, managers, executors and date of compliance
CONCLUSIONS
The following conclusions were reached:
- The identification and ranking of risks is a decisive process for organizational decision-making. The procedure designed for this investigation incorporates various analytical methods for risk management and its application provides timely and relevant information for decision-making. This procedure can be generalized, prior contextualization to the studied entity. In the International Legal Consultancy, the level of risk identified is medium due to non-compliance with some and established procedures for internal control.
RECOMMENDATIONS
So it is recommended:
- That the entity's specialists are regularly trained in the subject of risks, that the Prevention Plan is presented to the workers and that they participate in its update The risks identified must be followed up by seeing their variations, in order to determine how they have changed and whether their incidence has increased or decreased.
BIBLIOGRAPHY
- Business risk management. (2011). Retrieved January 25, 2012 from the EcuRed database.Belmar Muñoz, V. (sf). Risk prevention - Implementation of an operational risk control system in the company. Santiago de Chile. 2000. Retrieved on December 15, 2008, from http: //wwwmonografía.com/trabajos15/estadística/estadísticashtml. CECOFIS: Distance Education. Basic Course in Risk Management. (2005).:. Components of financial risk. (2010).:. Risk components. (sf). Retrieved on April 16, 2010, from http://www.fisterra.com/mbe/investiga/3f_de_riesgo/3f_de_riesgo.htm Risk components. (sf). Retrieved on April 16, 2010, from http://www.imf.org/external/np/vc/2005/100705s.htm Coopers and Lybrand. (1997). The new concepts of internal control. COSO report. (I take). Madrid:Díaz de Santos editions. González, B. (2001). The Bases of Business Finance. Havana:. González-Cueto, LA (2006). Financial catastrophes and risk as an input.:. Hunt, B. (2001). Issue of the Moment: The Rise and Rise of Risk Management. In Mastering Risk (Volume 1). United Kingdom: Pearson Education Ltd. Koprinarov, B. (2005). Business risk and its management. Venezuela. Retrieved on December 15, 2008, from http://www.analitica.com. Risk management. Its impact on the Cuban company. (2007). Recovered www.ventasdeseguridad.com/vds-9-5_laadministración November 20, 2011 León, M. (2004, November). Internal Control Matrix.. Retrieved on September 15, 2008, from http: //wwwgestiopolis.com.Martínez, F. (sf). Identification and evaluation of risks.:. Maskrey, A. (2002, March).Concepts and definitions of relevance in risk management.. Retrieved on August 15, 2008, from http://www.snet.gob.su/documentos/conceptos.htm. AS / NZS 4360 Standard: Steps in developing and implementing a risk management program.. (1999, March). Retrieved on September 15, 2008, from www / grupokaizen.com.Padilla, ZJ (2002, December). The responsibility of control. Costa Rica university. Comptroller. (Article 6). Bulletin, (2).. Retrieved on September 15, 2008, from http://ocu.ucr.ac/boletin2-2002-articulo6.htm.Pelegrin, EL (2001). The Complement or Alternative Insurance for the Cuban State Company. Havana: Pelegrin, EL (2002). RISK Analysis AND CONSULTING SERVICES.:.Percedo, MI (2004).Territorial Analysis of Biological Risk for Emergency diseases in the Animal Population. Cuba: CENSA Editions. Pérez, A. (2001). Design and implementation of a quality system and hazard analysis in food processing plants. Published master's thesis, medicine, National Center for Agricultural Health, Havana, Cuba, Resolution 297/03. Internal control. (2003). In the Official Gazette of the Republic of Cuba. Ministry of Finance and Prices, Cuba. Resolution No. 01975. Risk Management.. (2004, February). National Service of Learning SENA, Colombia. Retrieved on December 15, 2008, from www // sena.edu.co.Rooney, J. (2000). 17 steps to improved safety for medical devices. Quality Progress, 33-41.Rosés, F. (April, 2000). The risk map allows you to see the threats that the company has..Retrieved on November 15, 2008, from http://diariomedico.com/gestion/ges.220300.com.Toledano, J. (2003). Conference Ongoing Workshop on Risks, causes of risks and controls. Specialty of economic-financial management of Higher Education. Cuba:.Vico, A. (2004). Conferences given in the Curricular Doctorate of Accounting. Camagüey: University of Camagüey..Weston, JF (1992). Fundamentals of Financial Administration.: MONTH.Fundamentals of Financial Administration.: MONTH.Fundamentals of Financial Administration.: MONTH.
