This document contains a summary or overview of all the lessons (notes) and slides of the course 'Risk management and internal control', taught by Kris Hardies. At the end of each part, the quizzes are added as well (with the right answers). No guest lectures or separate cases were added, as they c...
Risk Management & Internal Control
Prof. dr. Kris Hardies
2022/2023
Chapter 0: Introduction
0.1 BP Oil Spill
Cause for the oil spill: the organizational culture inside the company
Encouraged cost cutting & cutting of corners
Rewards workers for doing it faster and cheaper, not better
Management failure
Risk management will never work if the organizational culture isn’t right
0.2 Risk categories
I. Category I Risk control failures
Internal
Preventable
Known
E.g.: Siemens Bribery & Corruption scandal (breaching fiduciary duties)
II. Category II Risk control failures
New market or product
Not following or doing something that should be done
E.g.: Ford’s Edsel – “wrong car at the wrong time”,
McDonald’s Arch Deluxe – marketed specifically for adults but everyone
wanted cheap burgers
Walt Disney’s Disneyland Paris – first 10 years huge losses because of the
cultural differences (e.g. no alcohol policy)
Nokia missing the smartphone boom & Polaroid missing the digital
revolution
III. Category III Risk Control Failures
External events (all black swan events = unpredictable events)
E.g.: September 11 attacks, emergence of new technologies (the
internet), 2011 Tōhoku earthquake & tsunami
Changing environment: Source of risk
(Fortune 500 companies keep changing over time)
1
,0.4 Risk management
Risk: The possibility that an event will occur and adversely affect
the achievement of objectives.
Risk management: reducing the likelihood or impact of circumstances that could cause
outcomes to be less than desired.
Managing the change process
Risk management is a corporate governance requirement (Belgian Code on Corporate
Governance)
How much uncertainty is the organization willing to accept in their value creation process?
(every entity exists to provide value for its stakeholders)
Uncertainty: risks as well as opportunities
Managing risks eliminating risks: risks are accepted and managed, not eliminated.
COSO ERM (Enterprise Risk Management) framework
Roles and responsibilities:
o Board of Directors
o CEO
o Chief Risk Officer (CRO) & other top
executives
o Senior management
o Staff
o Internal Audit
o External Audit
o Regulatory Entities
Corporate governance: The system by which companies are directed and controlled. Boards of
directors are responsible for the governance of their companies. The shareholders’ role in
governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate
governance structure is in place. The responsibilities of the board include setting the company’s
strategic aims, providing the leadership to put them into effect, supervising the management of the
business and reporting to shareholders on their stewardship. The board’s actions are subject to laws,
regulations and the shareholders in general meeting.
2
,Chapter 1: Internal Control
1.1 Governance & culture
Governance: sets the organization’s tone, reinforcing the importance of, and establishing
oversight responsibilities for, ERM.
Culture: pertains to ethical values, desired behaviors and understanding of risk in the entity.
The control environment: the set of standards, processes and structures that provide the basis
for carrying out internal control across the entity.
The internal environment: encompasses the tone of an entity and sets the basis for how risk is
viewed and addressed by an entity’s people, including risk management philosophy and risk
appetite, integrity and ethical values and the environment in which they operate.
Integrity and ethical values: code of conduct (explains values inside the company and what is
acceptable)
Commitment to competence
Board of Directors (or Audit Committee): must have independence & competence to override
system controls
Board: Governing body of an entity, which may take the form of a board
directors or supervisory board for a corporation, board of trustees for a not-
for-profit organization, general partners for a partnership, or owner for a small
business.
Management’ philosophy & operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Tone at the top: The ethical environment within the firm created through management
practices and espoused values.
Organizational culture control environment
1.2 Questions at the end of the chapter
1. What is not a synonym for the internal environment?
o Control environment
o Governance and culture
o Tone at the top
2. A risk culture is defined by:
o All stakeholders
o Management
o The CEO
3
, Chapter 2: Strategy & Objective-setting
Every entity has a strategy for bringing its mission to fruition and to drive value.
ERM: The culture, capabilities and practices, integrated with strategy-setting and its execution,
that organizations rely on to manage risk in creating, preserving and realizing value.
Business objectives provide the link to practices within the entity to support the achievement
of the strategy.
2.1 Strategy and Risk appetite
Strategy should be consistent with risk appetite
Risk-return tradeoff (do we want less risk or more return?)
Rarely linear or one-to-one
Risk appetite: the types and amount of risk, on a broad level, an organization is willing
to accept in pursuit of value. (=its mission)
Chosen by management (endorsed/confirmed by board of directors)
May change over time (in line with risk capacity)
Risk capacity = maximum amount of risk an entity is able to absorb
Risk tolerance: Acceptable level of variation (in performance) relative to the
achievement of objectives.
Needs to be aligned with risk appetite
Achievement of objectives
The risk pyramid
2.2 Objective setting
Objectives: what an entity desires to achieve.
Strategic objectives
Related objectives (operating, reporting, compliance)
Objectives must exist before management can identify potential events affecting their
achievement!
Aligned with the entity’s mission
Aligned with the entity’s risk appetite
4
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur raniboons. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour €8,49. Vous n'êtes lié à rien après votre achat.
