The Financial and Regulatory Risk Facing the Organisation in Saudi Arabia - Essay Example

GRC Understanding the financial and regulatory risk facing the organisation” case study in Saudi Arabia 0 Introduction GRC stands for governance, risks and compliance. Financial and regulatory risks are risks that dictate survival and smooth running of any entity. Good governance, prudent risk management and adherence to the established operating standards eliminate or limit financial and regulatory risks. 1.1 Background Global markets have undergone rigorous changes in the past and current centuries. The speed of change has outpaced many business entities and their existence is under imminent extinction. Therefore, the interest of investors, shareholders, customers and shareholders are under real and serious threat. According to Rangasamy (2009), it is predicted that only two thirds of property and half of the life insurance companies will cease to exist by the year 2015. This is because most companies are ill equipped and prepared to handle the risks facing them. To prevent a large number of business and non -business entities from closing down, it is recommended that all the entities must monitor their processes and adopt measures that comply with best operating standards. 1.2 Statement of the Problem Most companies are facing turbulent times. It is estimated that two thirds of property and half of the insurance companies will die before 2015. Companies in other industries are not insulated from dangers facing them either. Therefore, integrating governance, risks and compliance is becoming a necessity and top priority for entities that wish to withstand the test of time. The high profile scandals that have been reported in the past make the implementation of integrated GRC mandatory. 1.3 Research Objectives 1. To determine whether most companies use integrated GRC to implement risk management practices 2. To establish challenges that the companies undergo when implementing integrated GRC 3. To determine factors that influence implementation of integrated GRC in organizations 4. To offer recommendations on better was of integrated GRC in business entities 1.4 Research Questions 1. Do companies use integrated GRC to implement risk management practices? 2. What challenges do the companies undergo when implementing integrated GRC? 3. What factors influence implementation of integrated GRC in organizations? 4. Are there better ways in which companies use to implement integrated GRC in business processes? 1.5 Significance of the Research The research will benefit companies that wish to establish GRC and provide literature reviews for students who wish to investigate integrated GRC. 2.0 Literature Review 2.1 Introduction Governance refers to activities and process necessary for achieving the company’s objectives. According Leech (2010), governance is defined as set of relationships between shareholders and other stakeholders. It provides a framework for setting entities goals, objectives and strategies. legal and regulatory risks refer to risks caused by failure to comply with statutory and other formal regulations that may lead to law suits, bankruptcy and entity closure. Compliance refers to adhering to industry specific regulations set forth by internal and external regulatory bodies and authorities. When, regulations are incorporated as entities policies and procedures, it is expected that it will have direct impact to the financial health of the organization. Regulations are enacted to protect entities’ key stakeholders and the members of the public from accounting errors and practices that are fraudulent. Compliance help the organization to reduce overhead costs, time wastages and protect brand reputation to enable the company achieve its goals and objectives. Risk management and compliance include complex accountability done jointly by a number of areas making it difficult to realize, evolution where drastic and incredible changes are experienced within a short time making implementation difficult to adopt and internalize, Final challenge is minor dissemination of regulations in a wide range of operations. 2.2 Integrated GRC Integrated GRC is a 360-degree approach to identifying entity risks and formulation of appropriate action plans to address the identified risks in accordance with regulatory requirements needed for compliance (Crouhy, Galai, & Mark, 2006). Integrated GRC help to tame and limit financial and regulatory risks. It also set a centre stage for professional risk management approaches thus promoting companies compliance to acceptable standard working procedures. The companies have responded by establishing legal departments with qualified professional under Chief Risk Officer to ensure that risks are dealt with appropriately. There are changes of higher order and increased complexity in the present companies. Increase in the number of regulations, their complexities, and lack of clear understanding on the regulations are raising concerns. As much as many companies comply with several regulations with the help of information technologies, significant gap exists in the compliance. The company must survive the financial storm to prevent it from being blown apart by risks facing them. 2.3 Features of Integrated GRC 2.3.1 Integrated reporting The companies’ board and senior executives demand integrated and timely reports on the organizations residual risk status (RRS). Residual risk refers to the level of risk remaining after gross risks and corresponding controls have been considered. Risk controls approaches include risk sharing, avoiding, mitigating and acceptance (Hampton 2009). Residual risks are the areas of focus. The reports should cover specific formal topics under consideration and the topics should be critical to entities long-term success. 2.2.2 Integrated Methodology/ Terminology All business units, quality control specialists and executive management must embrace information technology systems that consolidate relevant information to produce reliable organizational risk residual reports. Examples of methodologies use to determine the RRS include AS/NZ 4360 and the COSO integrated enterprise risk management. There should be an agreed simple assessment methodology used across all areas to assess the organization, its subsidiaries, processes, objectives and strategies. 2.2.3 Integrated GRC Data Platform Entities must identify, accumulate and quality-producing data to generate reliable and timely reports on the company’s events and level of residual risks. 2.3 Risks Crouhy, Galai and Mark (2006), ascertained that Committee of Sponsoring organizations of the Treadway Commission (COSO) named strategic, operational, regulatory and financial risks as risks that must be addressed by the board and senior management. Financial Risk management refers to volatility or changes in expected returns due to changes in interest rates, exchange rates, stock prices and commodity prices. Strategic risks refer to risks of not achieving long-range goals and objective of the entity. The operational risks are risks associated with effectiveness and efficiency of operations and include losses, employment error, system failures as well as natural and manmade calamities. Other operational risks include industrial actions, corruptions, environmental degradation, and theft of intellectual property, loss of customer information and conflict of interests, changes in regulations, political strife and chaos, natural disasters such as fire, floods and diseases. 2.4 Factors influencing implementation of Integrated GRC 2.4.1 Economic crisis 2.4.2 Globalization 2.4.3 Resource availability 2.4.4 Traditional silo based exhibited high failure rates 2.4.5 Increasing penalties caused by GRC failures 2.4.6 Real-time exposures of transgressions 2.4.7 Severe sanctions 2.4.8 Loss of money 2.4.9 Stigma attached to bad corporate governance 2.5 Importance of implementing GRC 2.6 Challenges faced during implementation of Integrated GRC 3.0 Methodology The data will be collected from employees of the company through a questionnaire that will be developed. The questionnaire will dwell on issues that affect corporate governance, corporate risk management and regulatory environment. The data will be analyzed using the statistical package for the social scientists (SPSS) and the findings will be represents in charts and graphs where applicable. 4.0 References 2001 FCA Performance and Accountability Report DIANE Publishing. Barton, T., Shenkir, W. & Walker, P. (2002) Making enterprise risk management pay off. FT Press, Bhole (2009). Financial Institutions & Markets 5E. 5th edn. India: Tata McGraw-Hill. Bishop, T. & Hydoski , F.(2009) .Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption. New Jersey: John Wiley and Sons Blount, Boston, S., Cooper, N. & Camm, M. (2009). Under Control: Governance Across the Enterprise. London: Apress. Chapman, A. (2007). Never Talk When You Can Nod. Compliance, eDiscovery And Enterprise Content Management Systems: How technology can be used to help solve problems, increase business efficiency and mitigate risk - not just to enforce adherence to regulations. USA: Lulu.com Collier, P. (2009). Fundamentals of risk management for accountants and managers: tools & techniques. Oxford: Butterworth-Heinemann Crouhy,M., Galai, D. & Mark, R. (2006). The essentials of risk management . New York: McGraw-Hill Professional de Decker, H. & Schaumüller-Bichl , I. (2010) Communications and Multimedia Security: 11th IFIP TC 6/TC 11 International Conference, CMS 2010, Linz, Austria, May 31 - June 2, 2010, Proceedings . Germany: Springer. de Wulf, L. & Sokol, J. (2005). Customs modernization handbook. Washington: World Bank Publications Department of Labor (2008). Occupational Outlook Handbook, 2009. Washington: Skyhorse Publishing Inc., Great Britain: Office for Criminal Justice Reform (2007). Working together to cut crime and deliver justice: a strategic plan for 2008-2011 The Stationery Office. Great Britain: Office for Criminal Justice Reform (2007). Working together to cut crime and deliver justice: a strategic plan for 2008-2011. Norwich: The Stationery Office Grünendahl, R. & Will, P. (2006). Beyond Compliance: 10 Practical Actions on Regulation, Risk and It Management. Germany: Springer Guizot, A. (2007). The hedge fund compliance and risk management guide. New York: John Wiley and Sons. Hampton, J. (2009). Fundamentals of enterprise risk management: how top companies assess risk, manage exposures, and seize opportunities. New York: AMACOM Div American Mgmt Assn, International Monetary Fund (2008). Republic of Lithuania: 2008 Article IV consultation : staff report, staff statement, public information notice on the Executive Board discussion, and statement by the Executive Director for the Republic of Lithuania. Washington: International Monetary Fund International Monetary Fund United Republic of Tanzania: Sixth Review Under the Three-Year Arrangement Under the Poverty Reduction and Growth Facility and Request for a Three-Year Policy Support Instrument - Staff Report; Staff Supplement; Press Release on the Executive Board Discus .Washington: International Monetary Fund International Monetary Fund. Western Hemisphere Dept, International Monetary Fund. Monetary and Exchange Affairs Dept (2003) Barbados, financial system stability assessment: including reports on the observance of standards and codes on the following topics-- monetary and financial policy transparency, banking supervision, securities regulation, insurance regulation, corporate governance, and payment systems. Washington: International Monetary Fund. IT Policy Compliance Group (2006). Contingency Plan Template Suite for HIPAA BIA, BCP and DRP: Business Impact Analysis (BIA), Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) Supremus. Group LLC, Koch, C. (2004). The Sarbox conspiracy: how auditors and CFOs are using Sarbanes-Oxley to gain power over CIOs. What you can do. How you can do it. 1 Jul 2004 108 pages Vol. 17, No. 18 Kondabagil, J.(2007). Risk management in electronic banking: concepts and best practices .New York: John Wiley and Sons. Labor Statistics Bureau (2006). Career Guide to Industries, 2006-07. Washington: Government Printing Office Lam, J. (2003). Enterprise risk management: from incentives to controls. New York: John Wiley and Sons. Lamm, J., Blount, S., Boston, S., Cooper, N. & Camm, M. (2009). Under Control: Governance Across the Enterprise. USA: Apress Leech, T. Integrated Governance, Risk & Compliance (“Grc”): Boogeyman fear mongering, pot of gold at the end of the Rainbow, or just good business? Leitch, M. (2008). Intelligent Internal Control and Risk Management: Designing High-Performance Risk Control Systems. Endland: Gower Publishing, Ltd. Lorey, D. (2003). Global environmental challenges of the twenty-first century: resources, consumption, and sustainable solutions. Wilmington: Rowman & Littlefield Lynch, G. (2009). Single Point of Failure: The Ten Essential Laws of Supply Chain Risk Management. London: John Wiley and Sons Mäntysaari , P.(2009) The Law of Corporate Finance. General Principles and Eu Law: Cash Flow, Risk, Agency, Information. Germany: Springer Marchetti, A. (2005). Beyond Sarbanes-Oxley compliance: effective enterprise risk management. New York: John Wiley and Sons Marchetti, A. (2007). Sarbanes-Oxley ongoing compliance guide: key processes and summary checklists. New York: John Wiley and Son. Minoli, D. & Kouns, J. (2010). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. New Jersey: Wiley-Interscience, Mishkin, F. (2001). Prudential supervision: what works and what doesnt. Chicago: University of Chicago Press. Mol, T. (2003). Productive safety management: a strategic, multi-disciplinary management system for hazardous industries that ties safety and production together. Oxford: Butterworth-Heinemann OECD (2002). Canada: maintaining leadership through innovation. France: OECD Publishing, Office of Management and Budget (2009). Budget of the United States government: Fiscal year 2010. Appendix. Washington : Government Printing Office, Olson, D. &Dash Wu, D. (2008). Enterprise risk management. London: World Scientific Oxford Business Group (2010). The Report: Egypt 2010. Oxford: Oxford Business Group Paulus, S., Pohlmann, N. & Reimer, H. (2005). ISSE 2005: securing electronic business processes : highlights of the Information Security Solutions Europe 2005 conference. Germany: Springer Political Science / Government / Legislative Branch Congressional Office Subjects. Washington Pupke, D. (2008). Compliance and Corporate Performance: Impact of Compliance Coordination on Corporate Performance. London: BoD – Books on Demand. Rangasamy, M. Increase the Efficiency of Risk Management and Compliance Saxena, A. (2008). Enterprise Contract Management: A Practical Guide to Successfully Implementing an ECM Solution. Florida: J. Ross Publishing Spedding, L. & Rose, A. (2008). Business risk management handbook: a sustainable approach. Oxford: Butterworth-Heinemann Tarantino, A (2008). Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices. New York: John Wiley and Sons Tarantino, A. (2008). Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices. New York: John Wiley and Sons Vu Broady,, D. & Roland , H. (2008). SAP GRC. For Dummies, Indiana: For Dummies. World Bank (2005). Agriculture investment sourcebook: agriculture and rural development. Washington World Bank Publications. World Bank (2005). Household risk management and social protection in Chile. Washington: World Bank Publications Read More