12 - Systems of risk management and internal control Flashcards
8 responsibilities of the CoSec re. internal management and internal control
- Develop strategic objectives
- Identify principal risks (to strategic objectives)
- Carry out ‘robust’ assessment of principal risks
- Explain how risks are being managed/mitigated
- Monitor risk management and internal control systems
- Review effectiveness of systems at least annually
- Assess future viability of the company given its current position and principal risks
- Report on above in annual report
What is the FRC’s additional guidance on risk management and internal control called?
Guidance on Risk Management, Internal Control and Related Financial and Business Reporting
Define risk
The possibility that something unexpected or not planned for will happen
What are the two types of risk an organisation should plan for?
- Downside risk
- Upside/opportunity risk
3 examples of downside risk
- Fires
- Earthquakes
- IT breakdowns
2 examples of upside risk
- Sales volumes being higher than expected
- Investment decision yielding better than expected results
4 categories within ‘business risk’
- Reputational
- Competition
- Business environment
- Liquidity
Governance risk relates to risks associated with: (4)
- Structure
- Processes
- Information
- People and culture
Internal controls can be classified into which 3 main types?
- Preventative controls
- Detective controls
- Corrective controls
Who is ultimately responsible for managing risk?
The Board
What are the 4 categories of risk?
- Financial
- Organisational
- Compliance
- Strategic
3 examples of financial risks
- Risk of errors or fraud in accounting systems
- Liquidity risk
- Credit risk
3 examples of operational risks
- Theft of information from the organisation
- Inefficient or ineffective use of resources
- Errors and omissions by staff
What is a compliance risk?
Non-compliance with important laws or regulations, leading to legal action and/or fines
3 examples of strategic risks
- Political risks
- Environmental risks
- Stakeholder risks