Up to now, we’ve been able to deal with risk on a few pieces of paper.
Some risks we’ve been able to make go away.
Others we’ve hedged.
And yet others we’ve consciously chosen to ignore because they largely don’t matter.
But there is still likely a long list of risks that require some sort of risk reduction activity.
These activities are called Control Activities.
These may be the same or similar to the typical sorts of internal control activities that accountants and auditors are all too familiar with.
Keep in mind, the accountants and auditors are most often concerned with Internal Controls over Financial Reporting...
and external financial reporting at that.
Now we have to incorporate other control activities as well to reduce Inherent Risk,
that is the risk of occurrence in the absence of any management action, to the extent that Residual Risk,
that is the risk left over after management action, is acceptably low.
So for example, some non-financial reporting controls might include:
Your standardized budget and strategic planning processes,
Fraud controls,
Management review controls and discussions,
General computer controls,
Ethics policies,
Background checks on all new employees,
There are a lot of ways controls can be designed and implemented.
As usual, a lot of professional judgement is required to find just the right mix of your...
manual, automated, preventive, detective, etc. types of controls.
Again, our goal is to reduce Residual Risk to an acceptable level by performing one or more Control Activities.
Consider our rogue trader example from earlier.
The key Control Activities would include:
A daily reconciliation of their trading blotter,
Well established trading policies and parameters,
Voice recording all transactions,
Confirmation of all trades with the counterparties by someone who is not the trader,
Daily trade metrics calculating net exposure to the company (VAR and the other so-called Greeks), and
A monthly settlement process to ensure all trades are recorded.
With the appropriate Internal Environment and the effective performance of these activities, the Inherent Risk should be adequately mitigated.
That’s all for now, so don't forget...
Don't stop until you get to the top, when you get to the top, don't stop!