Corporate Compliance to Risk Management - Research Paper Example

Running Head Corporate Compliance Report Corporate Compliance Report 1. Introduction 1.1. Risk Management Expectations Risk associated with making forecasts or estimates focuses more on the matter of predictability than loss. Defining risk is complicated by the fact that it can be decomposed into two components: likelihood and impact. When a risk event is considered from the perspective of likelihood, this colors whether the company or its financial officers think it is risky. With business risk, there is the opportunity for gain as well as loss. Following SOCO, “All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value” (2004, p. 1). This chance for gain, offset against the prospect of loss, energizes and excites many entrepreneurs. The framework proposed by COSO helps companies to develop a successful and effective plan which meets the requirements and risk areas stipulated by COSO. The bigger the risk is, the greater is the prospect for gain—and for loss. Risk management plays an important role for a Pre-Paid Phone Cards company allowing management to predict and foresee possible dangers and solutions. 1.2. Departmental Objectives Recognize the risk and its impact on the organization Establish effective framework and integrated into the management activities Prevent risk situations Reduce risk occurrence Transfer the risk to a third party, Contingency planning (Integrated Risk Management 2006). 1.3. Risk Management Model Corporate Policy towards Risk Management An Initial Corporate Risk Profile Risk management Guidelines (according to COSO’s guidelines) Implementation Plan (Integrated Risk Management 2006). 2. Risk Management Implementation 2.1. Objectives Strategic objectives of the risk management plan are to cover all areas of Pre-Paid Phone Cards service and reduce risk situations and their negative impact on the company. Operations objective is to recognize that when a task is being done for the first time, the risk of not achieving budget, schedule, or specification targets is substantial. Also, the nature of new technology is that its development faces more than the usual levels of uncertainty. Reporting objective is to meet established procedure and report all risk satiations. Compliance objective is to respond effectively to rules and regulations, financial reposting and corporate laws (Broder, 1999). 2.2. Risk Management Process Risk management process will consist of the five main steps (Crouhy et al 2006): Plan for risk: managers in financial department will prepare to manage risks consciously. Effective risk management does not occur by accident. It is the result of careful forethought and planning Identify risk. Financial department will routinely scan the organization's internal and external environment to surface risk events that might affect its operations and well-being. Through this process, they develop a good sense of the bad things they might encounter in projects and operations. Examine risk impacts, both qualitative and quantitative. After financial officers develop a sense of the risk events they might encounter in Step 2, systematically determine the consequences associated with their occurrence. Think through hard-to-measure consequences by means of a qualitative analysis. Develop risk-handling strategies: Now that financial officers know what risk events they might encounter (Step 2) and the consequences associated with them (Step 3), develop strategies to deal with them. Monitor and control risks. As projects and operations are underway, financial officers need to monitor the organization's risk space to see if untoward events have arisen that need to be handled. If the monitoring effort identifies problems in process, then steps should be taken to control them. Steps 2 through 4 constitute risk assessment comprise an intellectual exercise that allows financial officers to explore risk space in order to prepare the department to handle the occurrence of untoward events (Crouhy et al 2006). Step 5 takes financial officers into the realm of action by having them deal with problems that are unfolding. Following COSO, relevant information should be “identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities” (COSO 2004). 2.3. Expected Outcomes Strategic – the goal is to reduce risks and prepare the company’s staff to respond to risk situations. The goal is to maintain the safety of clients and employees (, then safety-oriented procedures will be practiced. Operations – The goal is to carry out operations in the most cost-effective manner possible, then purchasing processes might be established to avoid overspending on supplies and services. Cost control points might be embedded in all operations, enabling financial managers to track cost performance. A reward system might be implemented: people and teams that realize major cost savings in their operations are given bonuses. They provide managers with guidance on what steps they can take to reduce the likelihood of untoward events arising, and when they do arise, what steps they can take to minimize their negative impacts (Crouhy et al 2006). Reporting – The goal is to introduce system reporting system and analyze risk areas. Employees should report to managers about conflicting situations. They also complain that these assignments interfere with their regular duties, thereby jeopardizing their ratings on performance appraisal reviews. Compliance – The goal is to identify risk events and study their potential impact, and develop strategies to handle them. Risk audits will be conscious, systematic attempts to examine an organization's projects, processes, and risk management procedures to determine whether things are progressing smoothly or whether problems lurk in the shadows. They are conducted by risk audit teams of highly experienced men and women who are trained on good risk management practices. 3. Limitations Risk management cannot cover all areas of uncertainty and risks. Staff may surface risk events that otherwise would not be recognized. Consequently, they reduce the number of surprises that managers encounter in their work efforts. Risk management plans enable managers to calculate the consequences of untoward events (Broder, 1999). With this information on the impact of risk events, managers can make informed judgments on what directions they want to travel in. The usefulness of plans is limited by the quality and quantity of information available to managers for making informed judgments. They do not provide managers with sufficient insights to predict untoward events with high levels of specificity (Broder, 1999). 4. Internal Control and Monitoring By identifying risk events, studying their potential impact, and developing strategies to handle them, Pre-Paid Phone Cards Company has carried out the basic steps that constitute risk assessment. Financial officers are now prepared to deal with life's curve balls. But they should be aware that until this point, risk management has largely been an intellectual exercise. Internal control should be exercised in a regular basis in compliance with laws and regulations (COSO Home Page 2004). For risk monitoring to be successful in surfacing risk events, three conditions need to be met: The monitoring effort must be focused on the right sources of information. This is an obvious point. In internal control, the information must be timely and the people reviewing the information must be able to make sense out of it (Broder, 1999). Status reports are the most commonly used mechanism to assess progress on projects and operations. They are usually issued monthly. For the most part, they follow a prescribed format. Financial officers should describe budget performance for the past month or identify milestones achieved and missed. A common feature of status reports is that they focus on variances from the plan (Broder, 1999). 5. Emergency Response Team As with individuals, organizations should consider insuring themselves against disasters. One way to do this would be to establish an emergency response team. The team should be fairly small, with representatives from key parts of the organization—for example, from the information technology, operations, marketing and sales, finance, and legal departments. As a group, they should identify in what ways the organization is vulnerable to crises. They should develop plans for dealing with different types of crises and establish guiding principles to provide decision makers with a rough map of what paths they should travel during trying times (Broder, 1999). They should meet regularly to discuss possible threats to the organization and to clarify and modify procedures that the organization can follow to handle crises. They should maintain a close relationship with the organization's communication department to establish an intelligent crisis communication plan. 6. Conclusion The gap between what the Pre-Paid Phone Service plan to deal with and what actually happens can be enormous. This fact should not be surprising, since when dealing with risks, financial officers are dealing with unknowns. If the company has good risk management processes in place, it can make educated guesses about what risk events the comapny might encounter, and it can even establish steps to deal with them. However, the Pre-Paid Phone Service should recognize that its best guesses can be dramatically off the mark. The test of a good risk manager is that when reality differs from the expected scenario, he or she can improvise and deal with the surprises effectively. The overarching objective of risk managers should be to develop a conscious approach to managing risk in their organizations. If they achieve this, then questions about tools and techniques take care of themselves. A five-step process allows to identify risk events, examine their impacts, develop strategies to handle them, and then monitor and control them. As organizations have grown sensitive to the need to implement good risk management practices, the employment of risk audits has increased dramatically. References 1. Broder, (1999). Risk Analysis and the Security Survey. (2nd edition). Butterworth-Heinemann; 2 edition. 2. Enterprise Risk management Framework (2004). COSO Home Page. Available at: www.soco.com 3. Crouhy, M., Galai, D. Mark, R. (2006). The Essentials of Risk Management. McGraw-Hill Professional. 4. Integrated Risk Management - Implementation Plan (2006). http://www.dfo-mpo.gc.ca/communic/cread/irm/plan_e.htm Read More