Enterprise Risk Management (Preview)

Chapter 1 – Risk Management Awareness 13 safety of food and consumer products, the exposure to toxic substances in the environment and the use of biotechnologies. 7 The management processes outlined in the frameworks include steps for defining problems, analyzing health risks, examining options, making decisions, taking action and evaluating results. These steps are consistent with the guidance later developed for the management of organizational risks. Health risk management frameworks were a source of inspiration and contributed noticeably to the evolution of risk management as a functional discipline. Professional Leadership The accounting profession had a significant influence on the evolution of risk mana- gement. The profession has always provided thought leadership in the areas of internal control and management control. Professional accountants are experts in designing internal controls having to do with the processing and reporting of financial transactions. These controls ensure the integrity of accounting and financial reporting, and they also help prevent or detect fraud. The focus on internal controls for financial transactions gradually evolved to the much broader focus of management control, which can be defined as the structures, processes, approaches and methods that influence managers and employees to achieve organizational objectives. 8 In the early 1990’s, accounting professions led the development of internal control frameworks. These frameworks outline control criteria that should be met in order to ensure organizational success. Internal control can be defined as a “process designed to provide reasonable assurance regarding the achieve- ment of objectives relating to operations, reporting and compliance.” 9 Internal control frameworks promote the implementation of sound management practices. They provide methods and tools for designing controls. These frameworks initially proposed a compliance-based approach to guide the application of controls. However, the frameworks evolved to promote a risk-based approach to focus controls on areas of significant risks. Methodologies and tools were developed to identify and assess risks, which contributed to modern day risk management practices. The internal auditing profession also influenced the evolution of risk management. Internal audits used to focus on the assessment of management practices and controls mostly from a compliance perspective. However, the definition of internal auditing was updated in the late 1990’s, for audits to examine the effectiveness of governance, risk management and control. As a result, internal auditors are expected to examine the effectiveness of practices and controls aimed at managing risks. The new definition caused a gradual change of approach from audits that were mostly focused on compliance (to plans, policies, procedures, regulations, etc.), to audits that are focused on the management of risks. In addition, internal auditors embraced the concept of risk-based audit planning to identify audit priorities. When developing their audit plans, internal auditors now conduct risk analyses to identify areas where internal audit projects should be conducted based on where risks are most significant. In doing so, internal auditors take into account the input from management, and discuss audit priorities with senior executives and board members. These audit planning approaches raised the awareness of risk and risk management within organizations. In addition, internal auditors developed knowledge and skills in risk identification and assessment. In some cases, they were asked to lead or contribute to the implementation of ERM within organizations.