The purpose of Risk Management Solution

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

1.) Introduction

Risk Management Solution helps an organization to categorize and obtain a clear overview of risk and actions to be taken to manage it. It helps you answer questions like "How successful are we in our efforts to avoid mishap" and "How do we optimize our processes taking cost, regulations and risk into account" and "what are the key risks we need to manage in order to optimize our chances for success with achieving our company strategy, business unit goals and team objectives."

Auditing is a profession and activity involved in helping organizations achieve their objectives. These objectives can be achieved by using a systematic methodology for analyzing business processes, procedures and activities with the goal of highlighting the organizational problems and recommending solutions. These Professionals called auditors are employed by organizations to perform the internal auditing and also external auditing activity.


Life today is far less risky than in the past, yet great prominence is given by society to risk and its consequences. Despite technological advances and growing life expectancy we perceive the world as increasingly uncertain and unpredictable. The sense of uncertainty is all pervasive, it's there every time we open a newspaper, turn on the television or surf the web we can see the images of risk. Yet we cannot avoid risk.Just imagine a world without it: in the absence of risk there would be no innovation, no reward and no responsibility. Risk is a positive force for growth and success, turning uncertainty and discovery to an organization's advantage.

Risk Management, meaning d the avoidance of shocks and uncertainty in the areas where we have no control, and on the other the successful implementation of change where we can control the outcome, is coming of age as a profession. Organizations which manage risk effectively and efficiently are more likely to achieve their goals and to achieve this at a lower overall cost. Risk management is therefore good management. The risk of an organization is evaluated by "Auditors". Auditors are the key to identify the risk involved in an organization. Audits are done in all sectors like banking, Insurance, Realestates etc.


Definition of Risk management systems and the audit profession

The general definition of an audit is an evaluation of a organization, system, process, enterprise, project or product. Audits are performed to estimate the validity and reliability of information, also to provide an assessment of a system's. The goal of an auditor is to express an opinion on the organization or system etc. An auditor seeks to provide only reasonable assurance that the statements are free from material error. Hence, statistical sampling is often adopted in audits. In the case of financial audits, a set of financial statements are said to be true and fair when they are free of material misstatements - a concept influenced by both quantitative and qualitative factors.

Kinds of Audits

1. External Auditing

. External auditors are certified public accountants who are independent of the organizations whose assertions or representations are being audited. These independent auditors offer their audit services on a contractual basis. The majority of audits performed by external auditors are financial statement audits.

2. Operational / Internal Auditing

Internal auditing is practices by auditors employed by an organization. Internal auditing activity is known as operational auditing, performance auditing, or management auditing. Operational auditing refers to the study of business operations for the purpose of making recommendations about the economic and efficient use of resources, effective achievement of business objectives, and compliance with company policies. The goal of operational auditing is to help managers discharge their management responsibilities and improve profitability. Internal auditors can perform audits of financial reports for internal


3. Governmental Auditing

Members of local, state and federal government units audit various organizational functions for a variety of reasons such as the following:

Local and state government units audit businesses to determine whether sales taxes have been collected and remitted according to stipulated laws or regulations (a type of compliance audit).

The Internal Revenue Service audits corporate and individual income tax returns to determine whether income taxes have been calculated according to the applicable laws or interpretations of these laws (another type of compliance audit).

Governmental audits also includes:

Financial audits that determine whether;

Financial information is presented in accordance with established criteria

The entity has adhered to the financial compliance requirements, and

The entity's internal control is suitably designed and implemented.

Performance audits (a type of operational audit), that review for efficiency and economy in the use of resources

It is also possible to approach a course in auditing from the standpoint of a member of the organization, whose audits are performed by internal auditors. However, here we will discuss the role of the external auditor, the auditor who is not an employee of the organization. This approach requires the student to alter the orientation he or she has assumed in other accounting courses. The new role is that of an outsider, or an independent public accountant, hired not to prepare financial statements, but to give an opinion on the fairness of the financial statements prepared by the internal company accountants. This role will require a different approach to learning than previously encountered in accounting courses and will demand unique skills that enable the auditor to make decisions regarding the accuracy of an organization's financial statements. The first skill is the ability to approach and solve audit problems. In addition, the auditor must possess an inquiring audit attitude to uncover problems and discrepancies when they exist. Some have suggested that auditing cannot be learned in the classroom, and that it is a subject that can only be learned by actual hands-on experience. While it is difficult to duplicate or simulate the actual practice environment in the classroom, it is possible to learn about auditing in the classroom. For those not intending to become professional auditors, this course will illuminate the process of auditing, as well as the role played by auditors in financial reporting. As potential users of independent audits, students will find it valuable to know not only what an audit represents, but also its limitations

What are the motives behind Risk Management?

Risk management is a process which provides assurance that:

objectives are more likely to be achieved

damaging things will not happen or are less likely to happen

Beneficial things will be or are more likely to be achieved.

It can be used to complement the institution's business planning and resource allocation processes, at a strategic level or at a project, function or site level. It can also be used as an extension to investment appraisals and SWOT analyses (strengths, weaknesses, opportunities and threats) or PEST analyses (political, economic, sociocultural and technological factors). It is not a process for avoiding risk. When used well, it can actively encourage an institution to take on activities that have a higher level of risk, because the risks have been identified and are being well managed, so the exposure to risk is both understood and acceptable.

Risk management is not the management of insurable risks. Insurance is an important way of transferring risk but most risks will be managed by other means. Good risk management provides upwards assurance from business activities and administrative functions, from departments to faculties, to the senior management team and ultimately to the governing body.

Managing risk is a central part of many corporate strategies. Reputations that take decades to build up can be ruined in hours through incidents such as corruption scandals or environmental accidents. These can also draw unwanted attention from regulators, courts, governments and media. Building a genuine culture of 'doing the right thing' within a corporation can offset these risks. So a company or an organization should always adopt the process of Risk management to sustain their reputation of their organization.

Key Benefits of Risk Management.

Reduce risk reporting and response times

Facilitate appropriate risk decisions on all management levels of your organization

Protect brand and reputation

Provide instant dashboard visibility of corporate-wide risk data

Improve response time and accuracy of information to stakeholders

Compare incidents data across sites, business units or your entire business

Improve the effectiveness and efficiency of corrective and preventative actions

Fast to implement solution and can Obtain results fast

In the below wheel it explains the broad range of topics that a risk management professional must be able to address can be represented as a wheel, with each reflecting one branch of the topic.

In recent years, shareholders, investors and society had suffered enormous loss as a result of numerous and catastrophic corporate failures. As the means of reducing the potential for such loss, improved corporate governance has become an inescapable must for businesses around the globe. Effective governance is only possible through a functional system of internal control, which itself is wholly dependent on a culture of sustained and proactive corporate governance, control & enterprise risk management (ERM).

As one of the most effective means of managing compliance and avoiding the risk of non-compliance, ERM is also increasingly recognized by forward-thinking organizations as the best long-term, sustainable and cost-effective solution to meeting the compliance mandates as required by the Sarbanes-Oxley Act and the ever increasing compliance requirements companies face today.

If risk management is fully embedded into the management process then the case for a separate 'process owner' may be less clear. So how can continuity be assured and how will the governing body know that it is working effectively? In the private sector the Turnbull report recommends an annual review of the effectiveness of internal control. This is a function that could usefully be undertaken in institutions by internal audit, given their expert knowledge and their independence. In doing so they could be guided by the institution's risk management policy document and their knowledge of the institution to validate the risk assessments. A report to the governing body via the audit committee would help give the assurance the governing body needs for its disclosures. However, this would have resource implications for the internal audit function

Key elements that affect risk management

Disclosure requirements:

the governing body acknowledges responsibility for the system of internal control

an ongoing process is in place for identifying, evaluating and managing the significant risks

an annual process is in place for reviewing the effectiveness of the system of internal control

there is a process to deal with the internal control aspects of any significant problems disclosed in the annual report and accounts.

The Turnbull report states that in assessing what constitutes a sound system of internal control, deliberations should include:

the nature and extent of the risks facing the organisation

the extent and categories of risk which it regards as acceptable

the likelihood of the risks concerned materialising

the organisation's ability to reduce the incidence and impact on the organisation of risks that do materialise.

The report also says that the system of internal control should:

be embedded in the operation of the organisation and form part of its culture

be capable of responding quickly to evolving risks

risk management is not seen as a separate process but as part of existing management practice

it reduces administration by using existing reporting procedures

it encourages continuity as existing processes are less likely to fail

practical aspects of risk management are easier to see, thereby encouraging participation.

Identifying risks - techniques

Whatever technique is used to identify risks, they must relate to the objectives of the institution, faculty, department, function, activity or specific project in question. If the objectives are not already explicit, they will need to be made so. Few staff at any level of seniority or experience will be able to identify risks without some prompting. It is no use asking, 'What are the risks associated with your work?', as most people simply will not understand the question.

It is therefore important to encourage participants to supply the information required to compile a list of risks. There is no right or wrong way to do this: many methods have been tried, each with its benefits and drawbacks (see Table 3). The choice may be determined by the time and resources available, and more than one method could be used in the same risk management programme.

What are the motives behind Audit Professional?

Audit activity is now widespread. There are a range of views about its prime purpose. Unless the audit programme has a clear purpose and direction. As commissioning develops, there will be more explicit considerations of standards of care. Those standards will address both the processes of outcomes of a product, focusing on effectiveness and appropriateness. They will best be generated by local agreement between purchasers, providers and clinicians, based on the knowledge available through research. Audit can provide a systematic appraisal of practice against such standards, while ensuring confidentiality for individual patients and clinicians. Property resourced, audit can play a valuable role directly linked to the commissioning process.

Auditors are valued because of their technical knowledge and independent in providing assurance as well as their competence and experience in assisting companies to improve operations of an organization. Auditors often make and help implement recommendations that improve the profitability by enhancing revenue or reducing costs, including the reduction of errors and fraud and by imposing operational control.

The auditors recommended training for the inspectors to ensure consistency and quality of the inspections. And then they also recommended quality assurance reviews over the forms documenting the inspections.

Nature of Auditing.

So far we discussed the importance of audits now we will examine auditing more specifically using the following definitions

"Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondent between the information and established criteria." Auditing should be done by competent and independent person

Competency of Evidence: To be considered competent, evidence must be valid, relevant, and unbiased. The relative competence and persuasive power of different kinds of evidence would be determined by the following hierarchy of evidential matter, from highest to lowest.

1.Auditors direct, personal knowledge obtained through physical observation, or mathematical computation

2.Documentary evidence obtained directly from independent external sources (external evidence).

3. Documentary evidence that has originated outside clients system, but which has been received and processed by the client (external-internal evidence).

4. Internal evidence consisting of documents that are produced, circulated, and stored within the clients system (internal evidence).

5. Verbal and written representations by the client's officers, directors, owners, and employees.

The auditor should obtain relevant and reliable audit evidence sufficient to enable him to draw reasonable conclusion from the following items:

Main accounting evidence from accounting system: balance sheet, profit and loss account, ledger, daily book, cashbook, trial balance sheet are main accounting evidence.

Evidence in support of the overall audit opinion: invoices, receipts, checks, bank drafts and other documents.

The auditor will obtain evidence from several sources, which, together, will provide him with the necessary assurance.

What is an independent auditor

The auditor is subject to both "legal" and "ethical" independence.

Auditors' legal independence

Election of the auditor must be legal.

The auditing must be legal. Auditing must be made according to the articles of the Internal Accounting Standards, Uniform accounting plan, Capital Market Board, Turkish Tax regulations.

Auditors' legal independence can be stated as follows:

1.The Auditor has a right and duty to investigate all accounting records that have been kept by the company.

2. The Auditor must investigate the company 's balance sheet and profit and loss accounts with agreement of underlying accounting records.

3. Every auditor has a right to access at all times to the company's books, accounts and vouchers and requirement from the company's officer for such information and explanation when the auditor thinks necessary for the performance of his duties.

4. Auditors have a right to attend any general meeting or the board meeting of the company according to the Capital Market Board regulations.

Auditors' ethical independence

Fundamental principles:

An Auditor should behave with integrity in all professional and business relationships.

An Auditor should strive for objectivity in all professional and business judgments.

An Auditor should not accept work, which he or she is not competent to undertake during the audit.

An Auditor should carry out his or her professional work with due skill, care, diligence and expedition with proper regard for the technical and professional standards expected of him as an auditor.

General Audit Procedures

Auditors use seven basic types of evidence and seven general procedures to gather evidence. One or more of these procedures may be used to audit an account balance, control procedure, or class of transactions.

An audit program is a list of procedures.

1.  Recalculation. Recalculation of calculations previously performed by client personnel (mathematical evidence)

2. Physical Observation. Physical evidence of tangible assets provides evidence of existence and provides tentative evidence of condition and valuation

3.Confirmation. Confirmation by direct correspondence with independent parties can produce evidence of existence and ownership and sometimes valuation and cutoff. Two types of confirmations used in receivables and payables are: (a) positive confirmation, which requests a reply in all cases; and (b) negative confirmation, which requests a reply only if the account balance is considered incorrect.

4. Verbal inquiry. Collection of oral evidence from independent parties and client officials. Written representation letters must be obtained for all important inquiries.

5. Examination of documents. Gathering evidence by examining authoritative documents prepared by the client. The examination can be performed by vouching or tracing the documents.

6.Scanning. An "eyes-open" approach of looking for anything unusual. Does not produce direct evidence, but it can raise questions for which other evidence must be obtained.

7.  Analytical procedures. Evaluate financial statements accounts with financial and non-financial data. Analytical procedures can take five general forms.