
Corporate governance and corporate risk management or erm

Anonim

Definition of Corporate Governance

The internal system of a company that establishes the guidelines governing its operation, seeking transparency, objectivity and equity in the treatment of partners and shareholders, defining the management role of its Board of Directors or Administrative Council and the social responsibility of its internal and external control bodies toward stakeholders such as customers, suppliers, competitors, employees, third parties, resource managers and the community in general.

Risk Management (ERM) and Corporate Governance are intertwined and focused on operational, legal, financial, logistical and environmental control that is independent of the Board of Directors or Administrative Council, and distinct from the administrative and accounting controls used internally within the organization.

Principles of Corporate Governance

The guiding principles of Corporate Governance were expressed in 1999 by the OECD (Organization for Economic Cooperation and Development) under three dimensions of sustainable development:

a) Enhance economic growth.

b) Promote human and social development.

c) Protect the environment; that is, the principles aim at achieving economic, social and environmental results together.

The OECD issued a set of guidelines on corporate governance, identifying five guiding principles organized as follows:

a) Rights of the shareholders.

b) Equitable treatment of shareholders.

c) Role of the shareholders.

d) Disclosure and transparency in the presentation of financial reports.

e) Responsibility of the board of directors or boards of directors.

The corporate governance structure must ensure that timely and accurate disclosures are made on all matters related to the corporation, including the financial situation, performance, ownership and governance of the company.

1. The disclosure must include:

- Financial and operational results of the company.

- Company objectives.

- Material and foreseeable risk factors.

- Governance structures and policies.

2. Information must be prepared, audited, and disclosed in accordance with high-quality accounting, financial and non-financial disclosure, and auditing standards.

3. An independent auditor must perform an annual audit in order to provide objective and external assurance on how the financial statements have been prepared and presented.

Other practical elements of a Corporate Governance Code

The Institute of International Finance established some elements for emerging, developing or transition economies, as follows:

- Protection of minority shareholders.

- Structure and responsibilities of the board of directors.

- Accounting and auditing.

- Transparency of ownership and control.

- Regulatory environment.

The International Chamber of Commerce (ICC) issued a corporate governance guide with the following components:

- Why corporate governance?

- Accounting standards.

- Practice of the audit.

- Board of directors.

- Disclosure and transparency.

- Rights of the shareholders.

- Small or family-owned businesses.

Accounting standards are essential for the efficient operation of the economy, since decisions about the allocation of resources (investments) rest on financial information about the operations and financial position of companies that is credible, concise, transparent, easily comparable and understandable.

There is a broad consensus on the following basic principles:

a) Companies that prepare financial statements:

- Management should not use accounting strategies, whether legitimate or illegitimate, to artificially increase reported earnings.

- Companies should not disclose only information on financial performance, but also the intangibles and non-financial information that matter most for value creation and sound decision-making.

b) Auditors:

- The audit function must be performed by a qualified and independent entity.

- Auditors should alert accounting and auditing standard setters to emerging questionable techniques.

- National accounting professional associations must ensure that their members, as auditors of financial statements, comply with applicable professional standards.

c) Regulators (Government supervisory authority or self-regulatory organization):

- Regulators must monitor accounting and disclosure requirements appropriately.

- Regulators must establish appropriate sanctions for non-compliance and for violations.

Business Risk Management or ERM

As a result of the problems that occurred in various countries of the world, which revealed distrust of the auditing standards then in force (standards set by the accounting associations rather than by government regulation), governments saw the need to intervene and to set special requirements for external auditors and for administrators regarding fundamental aspects of internal control and processes, and in particular the requirements of what was initially called Risk Management, designed by the Basel I and II Accords for financial entities.

Specifically in the United States, the Sarbanes-Oxley Act was enacted in 2002, establishing formalities for governmental, external and internal control and addressing responsibility for internal control. This law establishes:

Section 404: Annual Internal Control Report, prepared and signed by the External Auditor:

- Requires the company to evaluate and prepare a statement on the effectiveness of its internal control systems over financial information.

- Requires the external auditor to verify and report on the evaluation made by management in its annual report.

In addition, management must have complete and sufficient documentation that both supports its assertions and serves as the basis for the external auditor's review of internal control.

COSO II ERM is recognized as the standard for complying with Section 404 of the Sarbanes-Oxley Act. Accordingly, a summary of COSO II ERM is prepared below, together with its application to the audit work of different companies, where it can provide fundamental advisory support to the administrations of organizations as real added value of their work, as is the case with internal audits, representative in the public and private sector, in their direction and management by public accountants.

Definition

It is a process carried out by the Board of Directors, management and other personnel of the entity, applied in the definition of strategy and across the enterprise, designed to identify potential events that may affect the entity and to manage risks within its risk appetite, in order to provide reasonable assurance regarding the achievement of the entity's objectives.

This definition reflects certain fundamental concepts:

• A process is a means to an end, not an end in itself.

• Performed by people at each level of the organization.

• Applied in the definition of the strategy.

• Applied through management at each level and unit, it includes assuming a portfolio view of risks at the entity level.

• Designed to identify events that potentially affect the entity and to manage risks within the risk appetite.

• Provides reasonable assurance to the management and the board of an entity.

• Aimed at achieving objectives in one or more separate but overlapping categories.

Fundamentals of ERM

For-profit and non-profit companies alike should aim to create value for their protectors, owners or shareholders, and to face and overcome uncertainty with sufficient preparation. ERM provides a conceptual structure that lets management deal effectively with the uncertainty that risks and opportunities represent, and thus enrich the capacity to generate value.

Benefits of ERM

No entity operates in a risk-free environment, and ERM does not create one; it does, however, offer significant benefits for operating more effectively in risk-filled environments, strengthening the capacity to:

a) Align risk appetite and strategy.

b) Link growth, risk and return.

c) Enrich risk response decisions.

d) Minimize surprises and operational losses.

e) Identify and manage risks and their impacts.

f) Provide integrated responses to multiple risks.

g) Weigh opportunities.

h) Rationalize capital.

ERM is a methodology aimed at "benchmarking", that is, at generating value for the owners or shareholders and at securing the long-term permanence of the organization or company and its image.

Components of Enterprise Risk Management

Risks are classified into four main types: reputational risk, market risk, credit risk and operational risk in all its divisions. As a framework for the prevention, detection and mitigation of these risks, ERM defines eight interrelated components, which reflect how senior management runs a business and how they are integrated into the general administrative process. They are:

1. Internal environment.

It is the foundation of all the other components of ERM: it creates discipline and properly organizes the business structure, determines strategies and objectives, structures business activities, and shapes how risks are identified, evaluated and acted upon.

2. Definition of objectives.

Within the context of the mission or vision, strategic objectives are established, strategies are selected, and related objectives aligned with and linked to the strategy are set: operational objectives that provide effectiveness and efficiency of operational activities, reporting objectives that support reliable internal and external reports (financial and non-financial), and compliance objectives covering applicable laws and regulations and the entity's own internal procedures.

3. Identification of events.

Senior management normally recognizes that there are uncertainties, and internal and external factors that affect the occurrence of an event.

The event identification methodology may combine techniques linked to support tools, such as identifying past events (defaults, price changes, accident losses) and future events. Techniques that focus on planning consider issues such as demographic changes, new markets and competitor actions. Events may have negative impacts, positive impacts or both; those with negative impacts represent immediate, medium-term or long-term risks, which must be evaluated within the ERM.

Among the best-known methodologies for event identification, applied by various auditing firms and within companies' internal methodologies, are the "PEST or GESI analysis, SWOT or DOFA analysis, five forces analysis, and the business knowledge and risk identification matrix".

4. Risk assessment.

It allows an entity to consider how potential events can affect the achievement of objectives. Management evaluates events from the perspectives of probability (the likelihood that an event occurs) and impact (the effect of its occurrence), based on past internal data (subjective) and external data (more objective).

5. Risk response.

Identifies and evaluates possible risk responses and considers their effect on probability and impact.

Options are evaluated in relation to the entity's risk appetite, the cost and benefit of responding to potential risks, and the degree to which each response brings the remaining risk within tolerable levels. Responses to risk fall into the categories of avoiding, reducing, sharing and accepting risk.
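The following script, added here as an illustration and not part of the original article or of COSO II, works the risk assessment and risk response steps above through on one constructed risk. A risk is rated by likelihood (probability per year) and impact (loss if it occurs); each candidate response (avoid, reduce, share, accept) is modelled by how much it cuts likelihood and impact and what it costs per year. The response is then judged against a risk appetite expressed as tolerable expected loss, and on net benefit (expected loss avoided minus cost). All figures, names and the appetite threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float   # probability of occurrence per year, 0..1
    impact: float       # monetary loss if the event occurs

@dataclass(frozen=True)
class Response:
    kind: str               # "avoid" | "reduce" | "share" | "accept"
    likelihood_factor: float  # residual likelihood = likelihood * factor
    impact_factor: float      # residual impact = impact * factor
    annual_cost: float        # yearly cost of the response

RESPONSE_KINDS = {"avoid", "reduce", "share", "accept"}

def expected_loss(likelihood: float, impact: float) -> float:
    """Inherent or residual expected loss per year = probability x impact."""
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability in [0, 1]")
    return likelihood * impact

def evaluate(risk: Risk, response: Response, appetite: float) -> dict:
    """Score one response: residual risk, whether it fits the appetite, net benefit."""
    if response.kind not in RESPONSE_KINDS:
        raise ValueError(f"unknown response kind {response.kind!r}")
    inherent = expected_loss(risk.likelihood, risk.impact)
    residual = expected_loss(risk.likelihood * response.likelihood_factor,
                             risk.impact * response.impact_factor)
    return {
        "kind": response.kind,
        "inherent_loss": round(inherent, 2),
        "residual_loss": round(residual, 2),
        # appetite is stated as the maximum tolerable expected loss per year
        "within_appetite": residual <= appetite,
        # benefit of the response is the expected loss it removes, less its cost
        "net_benefit": round(inherent - residual - response.annual_cost, 2),
    }

def choose_response(risk: Risk, responses: list, appetite: float) -> dict:
    """Prefer the most cost-effective response that respects the appetite;
    if none does, fall back to the one leaving the least residual risk."""
    scored = [evaluate(risk, r, appetite) for r in responses]
    acceptable = [s for s in scored if s["within_appetite"]]
    if acceptable:
        return max(acceptable, key=lambda s: s["net_benefit"])
    return min(scored, key=lambda s: s["residual_loss"])

# Constructed sample: an outage of a payment system, with four candidate responses.
SAMPLE_RISK = Risk("payment system outage", likelihood=0.4, impact=250_000)
SAMPLE_RESPONSES = [
    Response("accept", 1.0, 1.0, 0),              # do nothing
    Response("reduce", 0.25, 1.0, 15_000),        # redundancy lowers likelihood
    Response("share", 1.0, 0.2, 30_000),          # insurance transfers most of the impact
    Response("avoid", 0.0, 0.0, 90_000),          # exit the activity; cost is forgone revenue
]
SAMPLE_APPETITE = 20_000   # tolerable expected loss per year for one risk (assumed)

if __name__ == "__main__":
    for r in SAMPLE_RESPONSES:
        print(evaluate(SAMPLE_RISK, r, SAMPLE_APPETITE))
    print("chosen:", choose_response(SAMPLE_RISK, SAMPLE_RESPONSES, SAMPLE_APPETITE))
```

With these numbers, "reduce" has the best net benefit but still leaves expected loss above the appetite, so the selection falls to "share"; in practice the factors and costs come from the entity's own data and the final choice remains a management judgment.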

6. Control activities.

These are the policies and procedures that help ensure that risk responses are properly executed; they are part of the process by which a company tries to achieve its objectives. They are classified into general controls and application controls.

General controls cover the technology infrastructure, security, the acquisition of hardware, and the development and maintenance of software; application controls ensure the completeness, accuracy, authorization and validity of the data.

7. Information and communication.

Identifies, captures and communicates information from internal and external sources, in a form and time frame that allow staff to carry out their responsibilities. Effective communication also occurs in a broad sense: down, across and up the entity. At all levels, information is required to identify, assess and respond to risks, as well as to operate and achieve objectives.

8. Monitoring (Ongoing).

It is a process that assesses both the presence and the operation of the ERM components and the quality of their performance over time. It can be carried out through continuous and periodic evaluations by management of the effectiveness of the design and operation of the internal control structure, so as to achieve adequate risk identification as planned, modifying procedures when required.

For proper monitoring, COSO II established the following monitoring rules:

a) Whether there is evidence of a culture of risk identification.

b) Whether external communications corroborate internal ones.

c) Whether periodic comparisons are made.

d) Whether the auditors' recommendations are reviewed and enforced.

e) Whether training is actually achieving a risk culture.

f) Whether the staff complies with the rules and procedures, and is questioned about them.

g) Whether the internal and external audit activities are reliable and effective.

Practice of ERM Business Risk Management in Internal Audit

The definition of internal audit distinguishes its two main services, assurance and consulting, which add value and improve operations by evaluating and improving the effectiveness of the risk management, control and corporate governance processes.

Within the international internal audit standards there are several specific standards addressing the risk management methodology within the two services listed, which internal auditors are recommended to apply. For each case they are the following:

Audit Plan referring to risk

1. The work plan of the internal audit activity must be based on an evaluation of risks and exposures that may affect the economic entity.

2. The audit universe may include components of the strategic plan.

3. The audit work schedule should be based on the priorities of a risk assessment, considering factors such as materiality, liquidity of assets, competence of management, quality of internal controls, degree of change or stability, time elapsed since the latest audit, complexity, governance and personnel relations, etc.

4. Changes in management direction, objectives, emphasis and approaches should be reflected in updates to the audit universe and related work plan.

5. When conducting internal audit work, testing and validation methods and techniques should reflect the materiality of the risk and the likelihood of occurrence.

6. Information and communication to senior management should convey risk management conclusions and recommendations to reduce or counter them.

7. The head of internal audit must prepare, at least once a year, a statement on the adequacy of internal controls to mitigate risks.
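As an added example, not taken from the article or from any audit standard, the script below turns the risk-based planning rules above (items 1 and 3 in particular) into a simple prioritization of an audit universe. Each auditable unit is rated 1 to 5 on the factors listed in item 3; factors where a high rating means lower risk (competence of management, quality of controls) are inverted, the ratings are combined with weights, and units are scheduled in descending risk order until the available audit hours run out. The weights, units and ratings are constructed assumptions and would be set by the head of internal audit in practice.

```python
from dataclasses import dataclass

# Weights over the factors named in the audit-plan list; constructed values, not a standard's.
WEIGHTS = {
    "materiality": 0.25,
    "asset_liquidity": 0.15,
    "management_competence": 0.10,   # inverted: weaker management -> higher risk
    "control_quality": 0.20,         # inverted: weaker controls -> higher risk
    "degree_of_change": 0.10,
    "time_since_last_audit": 0.10,
    "complexity": 0.10,
}
INVERTED = {"management_competence", "control_quality"}

@dataclass(frozen=True)
class AuditableUnit:
    name: str
    factors: dict   # factor -> rating 1 (low) .. 5 (high) on the factor's natural scale
    hours: int      # estimated audit effort

def risk_score(unit: AuditableUnit) -> float:
    """Weighted risk score in [1, 5]; higher means audit sooner."""
    total = 0.0
    for factor, weight in WEIGHTS.items():
        rating = unit.factors[factor]
        if not 1 <= rating <= 5:
            raise ValueError(f"{unit.name}: {factor} rating {rating} outside 1..5")
        if factor in INVERTED:
            rating = 6 - rating   # 5 (excellent) becomes 1 (low risk) and vice versa
        total += weight * rating
    return round(total, 2)

def rank_universe(units: list) -> list:
    """Audit universe sorted by descending risk score (name breaks ties)."""
    return sorted(units, key=lambda u: (-risk_score(u), u.name))

def build_plan(units: list, available_hours: int) -> dict:
    """Greedy schedule: take units in risk order while they fit the hour budget;
    units that do not fit are deferred and should be revisited at the next update."""
    scheduled, deferred, remaining = [], [], available_hours
    for unit in rank_universe(units):
        if unit.hours <= remaining:
            scheduled.append(unit)
            remaining -= unit.hours
        else:
            deferred.append(unit)
    return {"scheduled": scheduled, "deferred": deferred, "unused_hours": remaining}

# Constructed sample audit universe.
SAMPLE_UNITS = [
    AuditableUnit("Treasury", dict(materiality=5, asset_liquidity=5, management_competence=4,
                                   control_quality=3, degree_of_change=2,
                                   time_since_last_audit=3, complexity=3), hours=300),
    AuditableUnit("Payroll", dict(materiality=3, asset_liquidity=2, management_competence=5,
                                  control_quality=5, degree_of_change=1,
                                  time_since_last_audit=1, complexity=2), hours=200),
    AuditableUnit("ERP migration", dict(materiality=4, asset_liquidity=1, management_competence=2,
                                        control_quality=2, degree_of_change=5,
                                        time_since_last_audit=5, complexity=5), hours=400),
    AuditableUnit("Facilities", dict(materiality=1, asset_liquidity=1, management_competence=3,
                                     control_quality=3, degree_of_change=1,
                                     time_since_last_audit=4, complexity=1), hours=120),
]

if __name__ == "__main__":
    for u in rank_universe(SAMPLE_UNITS):
        print(f"{u.name:15} score={risk_score(u):.2f} hours={u.hours}")
    plan = build_plan(SAMPLE_UNITS, available_hours=850)
    print("scheduled:", [u.name for u in plan["scheduled"]])
    print("deferred:", [u.name for u in plan["deferred"]], "unused:", plan["unused_hours"])
```

Re-running the script with updated ratings is how item 4 (reflecting changes in direction, objectives and emphasis in the plan) would be applied; a unit that keeps being deferred is itself a finding to report to senior management under item 6.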

Internal Audit Report on Risk Management (ERM).

The significant observations arising from the work are those situations that, in the opinion of the Head of Internal Audit, may adversely affect the economic entity. They may refer to irregularities, illegal acts, errors, inefficiencies, waste, conflicts of interest and control weaknesses, including those already reported and not yet corrected.

The report should likewise include significant observations and recommendations, clarifying that it is the responsibility of management to decide on the appropriate measures to adopt. Top management may accept the risk of not correcting an observation because of its cost or other considerations; responsibility for that decision, and for any failure to take follow-up measures to eradicate the problem, remains with management.

Internal Audit and Enterprise Risk Management (ERM)

Introduction

Corporate Governance has become important in all areas of administration, especially those related to risk administration or management.

One of the procedures implemented in public and private companies has been the formulation of risk maps or risk management frameworks, in recognition of the advantages they have represented for many companies under the administrative concept of net benefit, that is, the comparison of the cost vs. benefit ratio.

What is Enterprise Risk Management (ERM)?

It is a structured, consistent and continuous process implemented throughout the organization to identify, evaluate, measure and report threats and opportunities that affect the achievement of its objectives.

Responsibility for ERM

The Board of Directors or Administrative Council has the responsibility to ensure that risks are managed. In practice, the Board delegates the operation of the risk management framework to the management team, which is responsible for carrying out the activities that detect and prevent risks. There may be a separate function to coordinate and manage these activities and to apply special skills and knowledge.

Everyone in the organization plays a role in ensuring the success of risk management, but the main responsibility for identifying and managing them falls on the board of directors or senior management.

Benefits of ERM

ERM can make a huge contribution by helping an organization manage risks to achieve its goals.

The benefits include:

- Greater likelihood of achieving the objectives.

- Consolidation of different risk reports at the Board level.

- Increased understanding of key risks and their broader implications.

- Identification and sharing of risks across the business.

- Increased likelihood that change initiatives can be achieved.

- Ability to take more risk for greater rewards.

Activities included in the ERM:

- Articulation and communication of the organization's objectives.

- Determination of the organization's risk appetite.

- Establishment of an internal environment, including a risk management framework.

- Identification of potential threats.

- Risk assessment, for example of the impact and likelihood of threats occurring.

- Selection and implementation of risk responses.

Assurance in the ERM

One of the key duties of the Board of Directors or Administrative Council is to obtain assurance that the risk management process is working effectively and that the key risks are being managed at acceptable levels. Internal audit is a key source of this, as it provides assurance in three areas:

1. Risk management processes, in their design and in the way they are working.

2. Management of those risks classified as key, including the effectiveness of controls and other responses to them.

3. Reliability and appropriateness of risk evaluations and of the reports on risks and the status of controls.

Role of Internal Audit in ERM

Internal audit is an independent, objective assurance and consulting activity. Its basic role in relation to ERM is to provide objective assurance to the board about the effectiveness of risk management. Research has shown that boards of directors and internal auditors agree that the two most important ways in which internal audit provides value to the organization are providing objective assurance that the main business risks are being managed appropriately, and providing assurance that the risk management and internal control framework is operating effectively.

Internal audit can provide assurance services that improve governance, risk management and control processes in the organization. The scope of internal audit consulting in ERM depends on the other resources, internal or external, available to the board and on the maturity of the organization's risk management, and it may vary over time.

In relation to ERM, the more internal audit is involved in risk management, the greater the safeguards required to ensure its objectivity and independence.

The consulting roles that internal audit could provide include:

- Making available to management the tools and techniques used by internal audit to analyze risks and controls.

- Being an advocate for the introduction of ERM in the organization, contributing its experience in risk management and knowledge of the organization.

- Providing advice, facilitating workshops, training the organization on risks and controls, and promoting the development of a common language, framework and understanding.

- Acting as a central point of coordination, monitoring and reporting on risks.

- Supporting management in its work by identifying better ways to mitigate a risk.
