OPPORTUNITIES MANAGEMENT AS WELL AS RISKS MANAGEMENT
THE CEO
STEP 1: WRAP-UP
CORPORATE OBJECTIVES (and related KPI if any)
TOP 5 RISKS IDENTIFICATION AND ASSESSMENT
What Could Go Wrong
Severity in terms of Impact (High, Medium and Low)
STEP 2 : SELECT
SHORT TERM RISKS: Keep only those that are very likely to occur within the next SIX months
TOP 5 RISKS
Attributes validation
High impact
High impact
Likelihood represents the possibility that a given event will occur, while impact represents its effect. (COSO 2012 Definition)
Impacts
Level / Criteria (guidance)
Low: Below 10% deviation from the quantitative KPI (profit before tax or other operational)
Medium: Between 10 and 20% deviation from the quantitative KPI
High: Above 20% deviation from the quantitative KPI
Any fraudulent risk starts from the first euro
Any damage to Transcom's brand or reputation
Risks duration over one year
A THIEVING call centre worker stole nearly 600,000 of mobile phones from his firm in a nationwide scam
Michael Higgins was working for Orange, in North Tyneside, when he hatched the plot to line his pockets. Higgins, who worked as an analyst for the firm, managed to override an internal security system time and time again to set up bogus sales.
Newcastle Crown Court heard a total of 1,158 handsets were stolen over a two-year period worth 496,141, but the VAT avoided on the sales pushed this up to almost 600,000.
Now Higgins has been locked up for three years and four months while fellow former Orange worker Gavin Ellis, who worked as Higgins' sales manager in the plot, was jailed for 32 months.
Judge Brian Forster said: This was planned theft over a significant period of time and the value was substantial. The courts have a clear duty to deter employees from committing serious offences of dishonesty, in particular theft. Higgins acted in a gross breach of trust and Ellis was not only involved in sales but was quickly centrally involved.
An inquiry had been launched at the Orange call centre, on the Cobalt Business Park, North Tyneside, after discrepancies were uncovered between the number of phones being ordered and billed and the number being delivered. The investigation showed a large number of orders had been delivered but had somehow avoided going into the firm's billing process.
Robert Adams, prosecuting, said: Michael Higgins was identified as the analyst responsible in each case. No payment was being taken for these phones because no account had been set up with Orange. All these transactions were processed by Higgins, they all related to top of the range handsets and none of them was ever paid for.
Low likelihood
Medium likelihood
High likelihood
Level / Criteria
Low: Below 33 %
Medium
High
Snow in Roma
Snow in Luxembourg
Likelihood represents the possibility that a given event will occur, while impact represents its effect. (COSO 2012 Definition)
Velocity
Level / Criteria
Short term: Within the next three months
Medium term: Between the next four and six months
Beyond the six months
Risk velocity refers to the pace with which the entity is expected to experience the impact of the risk. For instance, a manufacturer of consumer electronics may be concerned about changing customer preferences and compliance with radio frequency energy limits (...) Changes in regulatory requirement develop much more slowly than do changes in customer preferences. (COSO 2012 Definition)
INTERNAL AUDIT
Definition
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Source: The Institute of Internal Auditors (IIA)
Internal Audit vs. External Audit
Statutory mission: Internal Audit: No; External Audit: Yes
Transcom employee: Internal Audit: Yes (on principle); External Audit: Neither
Scope: Internal Audit: Financial statements, forecast and budget process, Operations, Compliance; External Audit: Financial statements only
Objectives
Give an independent and professional opinion whether the accounts are free from any material bias
The shareholders
Accountable before
Internal control
Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of reporting
Compliance with applicable laws and regulations
Source: COSO 2012
On your right, you have the COSO cube describing internal control framework by:
Category of objectives
Process
Organization