AYB221 Lecture Notes - Lecture 5: Operational Risk, Systemic Risk, Liquidity Risk
Week 5 Lecture
Module 1 – Accountants & Risk Management
- Why should accountants be concerned with risk?
1. Management expects accountants to take a proactive approach to
eliminating/reducing system threats, and to detect, correct, and recover from threats if and
when they occur
- Changes in Risk regulation
1. The Accounting Professional & Ethical Standards Board’s new standard APES 325
Risk Management for Firms came into effect on 1 January 2013.
▪ The standards require firms to identify and address key organizational risks
applicable to the circumstances of each practice
- Organization Collapses
1. An analysis of the spectacular losses suffered by organisations around the globe over
the last two decades shows that they were in fact the result of a breakdown in, or total lack of, an
effective risk management and control environment within the organisations
concerned.
- What is Risk?
1. Risk is the likelihood that a threat will actually arise
2. For organisations, risks occurring will result in financial loss
▪ Sources of risk in an organization: Operational risk, market risk, credit risk,
liquidity risk, documentation risk, regulatory risk, reputation risk, systemic
risk
- Risks related to AIS
1. In an organization, the AIS is part of its operations
▪ Therefore, risks related to AIS are operational risks
2. What sort of risks can impact on an AIS?
▪ Natural and political disasters
▪ Software errors and equipment malfunctions
▪ Unintentional acts
3. Exposure – the actual financial loss associated with the adverse event
- What is risk management?
1. Risk management is identifying risks, assessing the potential loss and prioritizing
the risks.
2. This is followed by the coordinated and economical application of resources to minimize,
monitor and control the probability of unfortunate events
- How much risk to tolerate?
1. Depends on the organization's Risk Appetite
▪ Risk Appetite – the amount of risk an organization is willing to take to achieve
its goals and objectives
▪ Risk Taker or Risk Averse?
- Setting Risk Appetite
1. Key Questions:
▪ What risks will the organization not accept?
▪ What risks will the organization take on new initiatives?
▪ What risks will the organization accept for competing objectives?
- Why are AIS threats increasing?
1. Big data
2. Distribution of data is widespread
3. Customers & suppliers can access each other’s systems and data, creating
confidentiality risks
4. Cloud computing adds a whole new level of risk
5. Inadequate protection
- Risk Framework
1. Framework- a structural plan or basis of a project – a set of guidelines
2. Risk management processes of organisations are under scrutiny and subject to
increased regulation
3. Risk is an essential part of any business. It can’t be avoided
▪ Properly managed, it drives growth and opportunity.
▪ Often, executives struggle with business pressures that may be partly or
completely beyond their immediate control.
4. To help manage this risk, established Risk Frameworks are used
- Approach to Managing Risks
1. Enterprise Risk Management (ERM) – a holistic (total) risk management approach
▪ PROCESS, effected by an entity’s board of directors, management and other
personnel, applied in strategy setting and across the enterprise, designed to
identify potential events that may affect the entity, and manage risks to be
within its risk appetite, to provide reasonable assurance regarding the
achievement of entity objectives.
- Why ERM?
1. Key Underlying principles:
▪ Every entity, whether for-profit or not, exists to realize value for its
stakeholders. – Survival is important
▪ Value is created, preserved, or eroded by management decisions in all
activities, from setting strategy to operating the enterprise day-to-day.
▪ Every decision (attempt to create value) will have an element of Risk
▪ ERM – a way to have a better understanding of the implications of
decisions
- 2 Frameworks to Help Manage Risk
1. The COSO Framework
▪ COSO - Committee of Sponsoring Organizations of the Treadway
Commission
▪ Role: provide guidelines to organisations to manage their operations
▪ Aspects of operations include:
▪ organizational governance,
▪ business ethics,
▪ internal control – known as the COSO IC,
▪ enterprise risk management – known as the COSO ERM,
▪ fraud,
▪ financial reporting
2. AS/NZS ISO 31000:2009
- Internal Environment
1. Management philosophy, operating style and risk appetite
2. Board of Directors/Audit Committee
3. Integrity, Ethical Values and Competence
4. Organisational Structure