Risk Management and Internal Control
Organizations face
a wide range of uncertain internal and external factors that may affect
achievement of their objectives—whether they are strategic, operational, or
financial. The effect of this uncertainty on their objectives can be a positive
risk (opportunities) or a negative risk (threats).
THE EVOLUTION OF
RISK MANAGEMENT
The field of risk
management emerged in the mid-1970s, evolving from the older field of insurance
management. The term risk management was adopted because the new field
has a much wider focus than simply insurance management. Risk management
includes activities and responsibilities outside of the general insurance
domain, although insurance is an important part of it and insurance agents
often serve as risk managers. Insurance management focused on protecting
companies from natural disasters and basic kinds of exposures, such as fire,
theft, and employee injuries, whereas risk management focuses on these kinds of
risks as well as other kinds of costly losses, including those stemming from
product liability, employment practices, environmental degradation, accounting
compliance, offshore outsourcing, currency fluctuations, and electronic
commerce.
In the 1980s and
1990s, risk management grew into a vital part of company planning and strategy.
Risk management became integrated with more and more company functions as the
field evolved. New areas of risk management began to emerge in the 1990s,
providing managers with more options to protect their companies against new
kinds of exposures. According to the Risk and Insurance Management Society
(RIMS), the main trade organization for the risk management profession, among
the emerging areas for risk management were operations management,
environmental risks, and ethics. As the role of risk management has increased to
encompass large-scale, organization-wide programs, the field has become known
as enterprise risk management (ERM).
Why are Risk Management and
Internal Control important?
Proper risk
management and internal control assist organizations in making informed
decisions about the level of risk that they want to take and implementing the
necessary controls to effectively pursue their objectives.
Risk management and
internal control are therefore important aspects of an organization’s
governance, management, and operations. Successful organizations integrate
effective governance structures and processes with performance-focused risk
management and internal control at every level of an organization and across
all operations.
However, risk
management and internal control are not objectives in themselves. They should
always be considered when setting and achieving organizational objectives and
creating, enhancing, and protecting stakeholder value.
Ways of managing Risks
As factories can be
dangerous places to work, it is important that companies implement appropriate
risk management processes. For example, a company can reduce the
likelihood of an accident by limiting work schedules (to reduce employee
fatigue), locating equipment in areas that are less vulnerable to damage,
performing regular maintenance on equipment, performing regular environmental
reviews and establishing communication protocols between line workers,
supervisors and management.
ENTERPRISE RISK
MANAGEMENT (ERM)
As the field of
risk management expanded to include managing financial, environmental, and
technological risks, the role of risk managers grew to encompass the
organization-wide risk embodied in ERM. This approach seeks to implement risk
awareness and prevention programs throughout a company, thus creating a
corporate culture able to handle the risks associated with a rapidly changing
business environment. Practitioners of ERM incorporate risk management into the
basic goals and values of the company and support those values with action.
They conduct risk analyses, devise specific strategies to reduce risk, develop
monitoring systems to warn about potential risks, and perform regular reviews
of the program.
