Presented by Straton Makundi Partner, Auditax International MBA, ACCA, B.com Email: straton@auditaxinternational.com Transcending Business Confidence
Contents
- Introduction
- Risk Management in Tanzania
- Standards / Principles on Risk Management
- Embedding Risk Management in Organizational Activities
- Developing A Risk Management Framework
- The role of Accountants in Risk Management
- Challenges and Way Forward
- Discussion, Questions
Introduction
Why was the recent global financial crisis not spotted in time by auditors, accountants, regulators, professional bodies, bankers, etc.?
Various organizations in Tanzania and elsewhere (both private and public) are exposed to a number of risks which, if not properly managed, may hinder the achievement of their objectives. This presentation aims to provide an understanding of risk and risk management. It emphasizes the importance and benefits of managing risks, the most common risk management frameworks, our role as accountants in risk management, and the challenges of risk management in Tanzania.
The Institute of Internal Auditors defines risk as “the uncertainty/possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood”.
ISO defines risk as “effect of uncertainty on objectives. Note that an effect may be positive, negative, or a deviation from the expected. Also, risk is often described by an event, a change in circumstances or a consequence.”
The Institute of Risk Management (IRM) defines risk as “the combination of the probability of an event and its consequence. Consequences can range from positive to negative”.
From the definitions above we can conclude that:
- Risks result from pursuing objectives
- Risks have impacts on objectives
- Risks can be an event, situation or circumstance which is uncertain
Some people confuse a risk with a problem. Risks are uncertain (future events which may or may not happen) and should be managed, while problems are certain (they have happened or are certain to happen) and therefore require solutions.
Risks can be categorized according to their nature and effect. The most common types and categories of risks are:
i) Strategic risks: Risks pertaining to the entity’s direction, external environment and to the achievement of its plans, e.g. changes in government policies, political changes etc.
ii) Compliance risks: Risks of contractual relationships/meeting regulatory obligations, e.g. non-compliance with tax laws, contractual obligations or environmental regulations.
iii) Operational risks: These emanate from operational activities, e.g. inadequate human resources, low quality of services, physical damage to assets or security risk.
iv) Technical risks: Risks of managing assets such as machine failure, IT risks like virus incidents, computer crash etc.
v) Financial and systems risks: Risks resulting from financial controls and systems, e.g. fraud, theft or misappropriation of funds, lack of funding, delayed procurements etc.
What is Risk Management?
The Institute of Internal Auditors (IIA) defines risk management as “a process for identifying, assessing, managing, and controlling potential events or situations to provide reasonable assurance regarding the achievement of organization's objectives”.
Why Risk Management?
The potential benefits of managing risks are:
- Provision of a reliable basis for decision making, i.e. it facilitates strategic and operational planning, because management becomes aware of events which may hinder achievement and so gains comfort that objectives and performance targets will be achieved
- Stakeholders' confidence and trust are increased
- Improved communication across the organisation
- Effective use of resources as surprises and shocks are reduced
- Enables compliance with legal and regulatory requirements
- Improved health and safety as well as environmental protection
Risk Management in Tanzania
The Government of Tanzania (via the Internal Auditor General’s Office) has mandated all public sector organizations to adopt and implement risk management practices.
Treasury Circular No. 12 of 2013 requires all Accounting Officers to establish and implement risk management processes in their organizations.
The Public Finances Act (2001), amended in 2010, established the Internal Auditor General’s Unit under the Ministry of Finance. The Unit is responsible for issuing guidelines and for conducting reviews and assessments of the quality and effectiveness of risk management practices across MDAs and LGAs.
In December 2012, the Internal Auditor General issued the Guidelines for Developing and Implementing Institutional Risk Management Framework in the Public Sector. This document provides step-by-step guidelines on how to implement risk management.
Implementation Requirements for the 2012 Guidelines
Specifically, the IAG Division's 2012 Guidelines on Risk Management require each government entity, including Parastatal Organizations, to develop, implement and enhance a risk management framework which ensures that:
- There is a policy, culture and structure that facilitates how the organisation will identify, record and monitor risks, including procedures for reporting risk information to the Accounting Officers and other oversight organs;
- There is a risk management process which is in line with international standards for risk management (e.g. ISO 31000 or COSO etc.);
- The risk management process is part of the strategic, operational and annual business planning activities of the organisation;
- There is a risk register that is used to record, rate, monitor and report risks;
- There is an established process for monitoring, reviewing and enhancing risk management and governance systems.
In 2010 the Bank of Tanzania issued Risk Management Guidelines for Banks and Financial Institutions. Its Risk Management Framework, for instance, requires banks and financial institutions to have:
- Active Board and Senior Management Oversight
- Adequate Policies, Procedures and Limits
- Risk measurement, monitoring and management information systems
- Adequate Internal Controls
- Independent Review etc.
The guidelines also prescribe Credit, Liquidity, Market and Operational Risks, Strategic and Compliance Management Guidelines. The guidelines were updated to include some risks, such as strategic and compliance risks, and to merge some risks into market risks.
Standards/Principles on Risk Management
Risk management relies on established principles and international standards. Common standards and models for risk management proposed by different institutions are:
- ISO 31000:2009 Risk Management – Practice and Guidelines
- BS 31000:2008 Code of Practice for Risk Management - British Code
- COSO:2004 Enterprise Risk Management – Integrated Framework
- FERMA:2002 A Risk Management Standard - Federation of European Risk Management Association
- Solvency II:2012 Risk Management for the Insurance Industry
- Basel I and II Guidelines for financial institutions
The most common models are ISO 31000 of 2009 and COSO of 2004. The Tanzanian Government Risk Management Guidelines allow Government entities to choose any of the internationally recognized standards on which to base their risk management architecture.
COSO
The Committee of Sponsoring Organisations (COSO) was established in the mid-1980s to sponsor research into the causes of fraudulent financial reporting. Its mission now is to: “provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations”.
COSO has been influential because it provides frameworks against which risk management and internal control systems can be assessed and improved, especially where corporate scandals occurred in companies where risk management and internal control were deficient. It has been providing best practice on Risk Management and Internal Control.
COSO Enterprise Risk Management Model