1、Board responsibility for internal control and risk managementby Kiattisak JelatianranatChairman,The Institute of Internal Auditors of ThailandDirector,PricewaterhouseCoopersKiattisak Jelatianranat31 May 2000 1pwc2nd Asian Roundtable on Corporate GovernanceResponsibility VS Accountability Responsibil
2、ity What,and Who will do?Accountability How,and For whom?.Both need independence and objectivityKiattisak Jelatianranatpwc 231 May 20002nd Asian Roundtable on Corporate GovernanceBalanced Scorecard in Corporate Governancepwc Financial&non-financial information.Equitable Treatment of stakeholders.Com
3、bination of Lagging and Leading Information.Alignment of short-term objectivesKiattisak Jelatianranat 331 May 20002nd Asian Roundtable on Corporate GovernanceBalanced Responsibility legal&moralpwc Create strategic vision Select CEO&Senior management Establish strategic,accountable information Indepe
4、ndent,objective and competent oversight of day-to-day operationsBoard“core”responsibilities.Kiattisak Jelatianranat 431 May 20002nd Asian Roundtable on Corporate GovernanceBoard Effectivenesspwc Corporate governance framework Risk management system Internal control system Auditing xx Board initiativ
5、e&Ownership of:x x Selection of CEO&senior management x x Oversight of CEO&senior management to establish Accounting system MIS Compliance program Operating systemsKiattisak Jelatianranat 531 May 20002nd Asian Roundtable on Corporate GovernanceWhy corporate governance matters?pwc Effective governanc
6、e,and Proper communication with your stakeholdersSustainable GrowthPleasant Working EnvironmentSubstanceFormSpiritKiattisak Jelatianranat 631 May 20002nd Asian Roundtable on Corporate GovernanceSearching for the upside of risk managementpwcValue Chain VS RiskOpportunityUncertaintyHarzardRisk is any
7、issue which could impact your ability to meet your objectivesbase-lineEnhancementPreservationPreventionKiattisak Jelatianranat 731 May 20002nd Asian Roundtable on Corporate GovernanceRisk.pwc Risk Assessment-Identify-Measure-Prioritize Risk Management-Assess adequacy of existing controls-Develop a c
8、ontrol improvement plan-Create a continuous program for objectives,risk and control assessmentKiattisak Jelatianranat 831 May 20002nd Asian Roundtable on Corporate GovernanceRisk Management Action OptionspwcKiattisak Jelatianranat 931 May 20002nd Asian Roundtable on Corporate GovernanceFix ControlsR
9、e-Engineer ProcessTrainingsTransfer Risk(Insurance)Outsource the FunctionDo nothing-BetWell-controlled Organizationspwc Key attributes of a well-controlled organization include:#1.Leadership of Board#2.Translation of strategic vision to day-to-day management#3.Communication of objectives&values to a
10、ll levels#4.Individual accountability#5.Risk management system#6.Human resources reinforcement#7.Independent,objective and competent oversightKiattisak Jelatianranat 1031 May 20002nd Asian Roundtable on Corporate GovernanceRisk&Control:The twin systemspwc Define strategic risk Articulate risk philos
11、ophy Define values and behavioral expectations Assess risk Manage risk Assess existing controls Select control model Continuous communication Continuous program for ORC Develop a control improvement plan Operations are dynamic and evolving.Communications&AuditAlignmentControlRiskObjectiveKiattisak J
12、elatianranat 1131 May 20002nd Asian Roundtable on Corporate GovernanceComplexity of Value chain.pwc A board must have the capability to respond to and manage changes.“Risk Management”and“Business Control”are the first thing for any board consideration.Kiattisak Jelatianranat 1231 May 20002nd Asian R
13、oundtable on Corporate GovernanceInternal Control Learned in Real Worldpwc Focus on“Soft Control”in assessing all of COSOs “Five Components”and“Three Objectives”.Soft Controls are subjective in nature,thus self-assessment is crucial for success.Implementation as an integral cultural change.Internal
14、Control training is a“must”.Tailor practices to an organization to assure the surpassing expected benefits from the implementation.Kiattisak Jelatianranat 1331 May 20002nd Asian Roundtable on Corporate GovernanceCOSOs Internal Control Definitionpwcis a process,effected by an entitys people(board of
15、directors,management,and other personnel),designed to provide reasonable assurance regarding the achievement of objectives in the following categories:Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulationsKiattisak Jelatianranat
16、1431 May 20002nd Asian Roundtable on Corporate GovernanceControl Realitypwc Focus on people and process,not merely policy manuals and forms Require dynamic and interactive evaluation techniques.Verifying compliance with policies and procedures is not sufficient Kiattisak Jelatianranat 1531 May 20002
17、nd Asian Roundtable on Corporate GovernanceFive Components of COSOs Control Frameworkpwc Kiattisak Jelatianranat Control Environment:The Foundation on which everything rests.Risk Assessment:Aware of and deal with the risks it faces.Control Activities:Actions identified by management as necessary to
18、address risks to achievement of objectives.Information&Communication:People to capture and exchange the information needed to conduct,manage and control operations.Monitoring:React dynamically,changing as condition warrant.1631 May 20002nd Asian Roundtable on Corporate GovernanceFrom Backroom To Boa
19、rd Roompwc Kiattisak JelatianranatOrganizations in the 21st Century must move internal control issues from their“Backroom”(Operating Level)to“Board Room”(the strategic level)1731 May 20002nd Asian Roundtable on Corporate GovernanceInternal Audit Paradigm Shiftpwc Kiattisak JelatianranatToday interna
20、l auditors are management partners and consultants to add values to the organization.No longer as a watch dog or a policeman 1831 May 20002nd Asian Roundtable on Corporate GovernanceInternal Auditing Definitionpwc Kiattisak Jelatianranat Internal auditing is an independent,objective assurance and co
21、nsulting activity designed to add value and improve an organizations operations.It helps an organization accomplish its objectives by bringing a systematic,disciplined approach to evaluate and improve the effectiveness of risk management,control and governance processes.Internal auditing is an indep
22、endent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization.The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities.To this end,internal auditing furnishe
23、s them with analyses,appraisals,recommendations,counsel,and information concerning the activities reviewed.The audit objective includes promoting effective control at reasonable cost.1931 May 20002nd Asian Roundtable on Corporate GovernanceThere is no alternativepwc Kiattisak JelatianranatToward the new millennium environment:Board of Directors and senior management have no alternative not to be the leadership and ownership of systems of risk management and internal control 2031 May 20002nd Asian Roundtable on Corporate Governance
