Global Knowledge Gateway

Risk Management & Internal Control

What Do We Mean by Risk Management & Internal Control?

Organizations face a wide range of uncertain internal and external factors that may affect achievement of their objectives—whether they are strategic, operational, or financial. The effect of this uncertainty on their objectives can be a positive risk (opportunities) or a negative risk (threats).

Risk management focuses on identifying threats and opportunities, while internal control helps counter threats and take advantage of opportunities.

Why are Risk Management and Internal Control Important?

Proper risk management and internal control assist organizations in making informed decisions about the level of risk that they want to take and implementing the necessary controls to effectively pursue their objectives.

Risk management and internal control are therefore important aspects of an organization’s governance, management, and operations. Successful organizations integrate effective governance structures and processes with performance-focused risk management and internal control at every level of an organization and across all operations.

However, risk management and internal control are not objectives in themselves. They should always be considered when setting and achieving organizational objectives and creating, enhancing, and protecting stakeholder value.

Global Perspectives on Risk Management and Internal Control

The recent financial crises demonstrated quite clearly that, with increasingly globalized economies and markets, a crisis in one nation or region can affect far more than those living and working in the immediate area. National economic, social, and environmental issues need to be considered in a global context, especially issues related to risk. In addition, risk management and internal control need to encompass a wider perspective, since organizations are affected by many variables, often outside their direct control.

  • According to IFAC’s interviews with 25 key business leaders, summarized in Integrating the Business Reporting Supply Chain, recent financial crises have exposed flawed or ineffective risk management and internal control practices—especially in some financial institutions. Many organizations were overly focused on financial reporting controls, and did not fully comprehend the risks to which they were exposed. In fact, many, if not most, of the risks derived from other areas, including operations and external circumstances.
  • Respondents to IFAC’s Global Survey on Risk Management and Internal Control—Results, Analysis, and Proposed Next Steps felt that risk management and internal control guidelines should be combined into one set of integrated guidelines, to increase the understanding that they are both integral parts of an effective governance system.

IFAC facilitates a collaborative global dialogue with the issuers of standards, guidance, and frameworks in the area of governance, risk management, and internal control culminating in greater international alignment.

The Role of Accountants and the Accountancy Profession

Evaluating and improving risk management and internal control is among the core competencies of many professional accountants and, within organizations, many are partnering with other functions to design, plan, implement, execute, and monitor. In addition, professional accountants are often responsible for providing objective, accurate, and timely information and analyses to support all of these activities. They can also organize risk management and internal control training sessions and establishing an understandable, common risk and control language that meets professional and technical standards.

Professional accountants play a leading role in ensuring that risk management and internal control form an integral part of an organization’s governance system. With an integrated, organization-wide approach, professional accountants can also encourage treating risks in a more holistic, comprehensive way, ensuring that all business decisions are based on proper risk assessment and management that defines the overall effect of uncertainties on the organization’s objectives. 

Want to learn more about
Risk Management & Internal Control?


 

Recent News

 

Get the latest updates delivered straight to your inbox

Keep Updated
Get the latest updates delivered straight to your inbox.

 

 

Suggest a Resource, News Item, Event, or Discussion Topic

Knowledge Section
URL
Why should we include this?