Home > Risk > ACCA continues to contribute to risk management literature

ACCA continues to contribute to risk management literature

I want to recommend this paper (available from my LinkedIn profile, as usual) from the ACCA.

It contains a wealth of useful information, not only on its major theme (tempering the pursuit of profit), but on other aspects such as risk culture – a favorite topic of mine.

On page 33, they have a list of what comprises effective risk management:

  • Understanding the control environment, including the competence of the board and staff, the culture, key motivators and the ethical climate.
  • Understanding the company’s strategy and purpose and the associated risks.
  • Understanding of the business model, the value drivers, the systems and their associated risks.
  • Balancing risk against reward.
  • Efficient business processes, including management and financial reporting systems.
  • Compliance with relevant requirements.
  • An appreciation that risk management is not about managing individual risks, but about understanding patterns of risk and how they are interrelated.
  • Understanding all the significant risks threatening, or potentially threatening the company, including those which might kill it.
  • The board and the company’s attitude to risk and their willingness to accept it.
  • The ability to manage risks so they are within limits of acceptability.
  • A process of feedback involving monitoring and learning, so that strategic and other key decisions are taken only where the risks are understood and acceptable.
  • In any complex large organisation, an independent assurance function that gives objective assurance, to the board or the non-executive directors, on each of the above elements.
  • The board having ownership of, and strong commitment to, risk management, including a clear understanding of the above elements.

This is an interesting list, and I would only differ in emphasis on the first three. I don’t believe it is sufficient simply to “understand” these factors.

  • The control environment (they are referring to the layer in the COSO internal control framework of the same name) needs to be more than understood – it needs to be effective. I would have preferred reference to the equivalent layer in COSO enterprise risk management framework: the internal environment
  • Risks and strategy need to be linked, and then managed together – a more active activity than simply understanding strategies and related risks
  • The business model and drivers are critical to an effective risk management. In my opinion, the effectiveness of a risk management program is in large part measured by its contribution to the consistent achievement of business strategies and the enhancement (or at least protection) of business value

The paper says that an independent assurance function (such as internal audit) is necessary in “any complex large organisation”. I agree, and suggest that it may be necessary in smaller or less complex organizations as well.

This earlier post on evaluating the effectiveness of a risk management program, and this post about a UK framework for assessing risk management, may be useful.

  1. Jorge Iwaszkiewicz
    July 15, 2010 at 11:12 AM

    Dear Norman:

    Seems your link to download tha ACCA is not working properly….just wondering whereelse can this be downloaded. Thanks.

  2. nmarks
  3. nmarks
  4. Chong Ee
    July 16, 2010 at 11:16 AM

    Norman, thanks for the article link. I particularly like reading about the dynamics amongst individual, corporate and societal levels. I agree with you on tying risks with strategy. In understanding risk interdependencies though, I feel we can go a step further in exploring how multiple risk factors may interact to create a perfect storm: http://www.isaca.org/Journal/Blog/Lists/Posts/Post.aspx?ID=19

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: