TOPCIMA - Risk and Control Strategy

1
TOPCIMA - Risk and Control Strategy

• Paper 3

2
Syllabus summary
Risk and Internal Control
Review and Audit of Control Systems
Financial Risk
Information Systems

• Management
• Control Systems

Notes ref p2
3
Risk strategy process
Identify Risk
Measure and Assess Risk
Evaluate Risk Strategy
Notes ref p9
4
Types of Risk
Types of Risk
Political, Legal and Regulatory
Economic Risk
Environmental Risk
Financial Risk
Technology Risk
Business Risk
Fraud
Reputation Risk
International Risk
Notes ref p10
Notes ref p10
5
Measuring and Assessing Risks

• Identifying

Measuring
Prioritising

• Expected values
• Volatility

• Risk mapping

• PEST/SWOT
• External advisors
• Interviews/ Questionnaires
• Internal audit
• Brainstorming

Notes ref p13-15
6
Risk Mapping
Impact/Consequences
High
Low
High
Probability/ Likelihood
Low
Notes refp15
7
Management of Risks

• Avoid risk
• Transfer risk
• Pool risks
• Diversification
• Risk reduction
• Hedging risks
• Risk sharing

Notes refp17-18
8
Systems and control
Systems Theory

• Control Theory
• Feedback
• Feed forward

• Management Control
• Structure
• Contracts
• Policies and procedures
• Rewards/discipline
• Performance appraisal

• Management Accounting Control Systems
• Responsibility and performance appraisal
• Problems of systems

Notes ref p21
9
Systems Theory
Input
Process
Output
Sub Systems
Interaction
Objective
Control
Types
Notes ref p22 - 23
10
Feedback
Input
Process
Output
Control Action
Comparison
Measure
Standard
Notes ref p24
11
Feedforward
Input
Process
Output
Implementationof Action
Predictive Model of Process
Measure of Output
Determination of cause ofdeviation. Generation
andevaluation of alternativecorrective actions.
Objective
Notes ref p25
12
Control Methods

• Organisation structure
• Contracts of employment
• Policies
• Discipline and reward system
• Performance appraisal and feedback

Notes ref p26
13
Management Accounting Control Systems
Areas of Control
Performance Targets
Responsibility
Financial and Non-Financial
Notes ref 27-30
14
The Balanced Scorecard
Financial
Internal
Customer
Innovation and Learning
Notes ref 29
15
Management Accounting Control System
Areas of Control
Performance Targets
Problems
Responsibility
Financial and Non-Financial
Behavioural Factors
Notes ref 27-30
16
Internal controls
Internal Controls
What are They?
Features of Internal Control Systems
Costs vs Benefits
Notes ref p31
17
COSO Elements

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

Notes ref p33-35
18
Fraud
Fraud
What is it?
Risk Indicators
Fraud Risk Management
Notes ref p37
19
Opportunity for Fraud

• Dishonesty
• Opportunity
• Motive

Notes ref p38-39
20
Fraud Risk Management Strategy

• Fraud
• Prevention

Identifying a Fraud
Responding to a Fraud

• Anti fraud culture
• Risk awareness
• Whistle blowing
• Internal controls

• Regular checks
• Warning signals
• Whistleblowers

Notes ref p40-42
21
Corporate governance Principles of the
Combined Code

• Directors
• Directors remuneration
• Relations with shareholder
• Accountability and audit
• Institutional investors

Notes ref p48-49
22
Fundamental Principles of CIMA Ethics

• Integrity
• Objectivity
• Professional care and due competence
• Confidentiality
• Professional and technical standards

Notes ref 54
23
Session Content
Management Review of Controls
Internal Audit
Structure
Types of Audit
Scope
External Auditors
Standard of Work
Notes ref p57
24
Types of Audit Work
Value for Money
Social and Environmental
Management

• Economy
• Efficiency
• Effectiveness

Notes ref p61-63
25
Session Content
Audit Process

• Testing
• Sampling
• Analytical Review

• Planning
• Systems Investigation
• Control Assessment
• Analytical Review

• Reporting
• Recommend Actions

Risk-Based Approach
Notes ref p65
26
Audit Process
Agree the Objectives of the Audit
Plan the Audit
Find Out About Systems and Controls
Planning
Confirm the Operation of the System
Assess if Controls are Adequate
Test Compliance with Controls
Testing
Test Application of Controls
Review, Report and Recommend
Notes ref p66
27
Audit Process Cont.

• Planning

Testing
Reporting and Recommendations

• Risk based approach
• Systems investigation
• ICQs and ICEQs
• Assessing controls

• Substantive vs compliance
• Sampling
• Analytical review

• Audit report
• Recommendations

Notes ref p 67-74
28
Session Content
Definition of Financial Risk
Types of Financial Risk
Credit Risk
Interest Risk
Currency Risk
Political Risk
Notes ref p83
29
Interest Risk

• Fixed rate
• Floating rate
• Refinancing

Notes ref p86-7
30
Currency Risk Types

• Translation risk
• Transaction risk
• Economic risk

Notes ref p88-89
31
Transaction risk
Transaction Risk Management

• Internal
• Home Currency
• Leading/Lagging
• Matching/Netting

• External
• Forward Contracts
• Money Market Hedges
• Currency Futures
• Currency Options

• Currency/Interest/Inflation
• Links Between

Notes ref p91
32
External Hedging Techniques
Money Market Hedge

• Forward

Future
Options

• Fixed date
• Fixed rate
• Tailor made
• Contractual obligation
• Fix the rate

• Bring forward conversion of currency to today
• Create matching asset/ liability

• Standardised contract
• Tradable
• Range of future dates
• Effectively fix the rate

• Insurance
• Downside risk covered by option
• Standardised contract
• Tradable

Notes ref p95-103
33
Predicting Future Spot Rates
Predicting Long Term Future Spot Rates
IRP

• PPP

1 if 1 ih
1 ints f 1 ints h
Spot rate _at_ to x
Spot rate _at_ to x
Notes ref p105-107
34
Interest rate risk management
Interest RateRisk Management

• Internal
• Smoothing
• Matching
• Netting

• External
• FRAs
• IRGs
• Futures
• Options
• Swaps

Notes ref p111
35
Summary of Interest Rate Risk Instruments
Exchange Traded Instruments
OTC Instruments
Forward rate agreements (FRAs) or swaps for
longer term hedge
Interest ratefutures
Fixing instruments
Insuranceinstruments
Interest rate guarantees (IRGs), sometimes
called caps/floors or options or swaptions for
longer term hedge
Interest rate options
Notes ref p112
36
Information systems
IS
Development of Information Strategy
IM
IT
EIS
DSS
MIS
TPS
Notes ref p125
37
Earls Three Levels of Strategy
IS Strategy

• Division/SBU/Function based
• Demand Orientated
• Business Focussed

Applications
IM Strategy

• Organisation Based
• Relationship Orientated
• Management Focused

Management
IT Strategy

• Activity Based
• Supply Orientated
• Technology Focused

Delivery
Notes ref p126
38
Strategic Planning Model
Corporate Strategy
Information Needs
Information Systems Strategy
Information and Data Architecture
Applications Architecture
IT Architecture
Notes ref p127
39
Critical Success Factors
Mission Statement
Business Objectives
Critical Success Factors
Information to Measure Performance
Proposals for New Systems or Modifications
Notes ref p128
40

• Levels of Control

Anthonys Triangle
Planning Activities
Strategic
Board Level
Tactical
Middle Level
Control
Lower Levels
Operational
Activities
Notes ref p130
41
Risks with IT systems
Employees
Hacker
Hardware Faults
Virus

• Security
• Hardware
• Data

Mistakes
Notes ref p148
42
Controls

• General controls
• Application controls
• Software controls
• Network controls

Notes ref p148
43
General Controls

• Personnel controls
• Access controls
• Security
• Physical
• System
• Software
• Business continuity

Notes ref p149-150