Enhanced search function
IFAC FOCUS AREAS
- Accountability. Now.
- Developing the Global Profession
- Global Representation and Advocacy
- Professional Accountants in Business
- Small and Medium Practices
Independent Standard-Setting Boards
The International Auditing and Assurance Standards Board sets high-quality international standards for auditing, assurance, and quality control that strengthen public confidence in the global profession.
The International Accounting Education Standards Board establishes standards, in the area of professional accounting education, that prescribe technical competence and professional skills, values, ethics, and attitudes.
The International Ethics Standards Board for Accountants sets high-quality, internationally appropriate ethics standards for professional accountants, including auditor independence requirements.
The International Public Sector Accounting Standards Board develops standards, guidance, and resources for use by public sector entities around the world for preparation of general purpose financial statements.
|Global Knowledge Gateway||
Risk Management & Internal Control
What Do We Mean by Risk Management & Internal Control?
Organizations face a wide range of uncertain internal and external factors that may affect achievement of their objectives—whether they are strategic, operational, or financial. The effect of this uncertainty on their objectives can be a positive risk (opportunities) or a negative risk (threats).
Risk management focuses on identifying threats and opportunities, while internal control helps counter threats and take advantage of opportunities.
Why are Risk Management and Internal Control Important?
Proper risk management and internal control assist organizations in making informed decisions about the level of risk that they want to take and implementing the necessary controls to effectively pursue their objectives.
Risk management and internal control are therefore important aspects of an organization’s governance, management, and operations. Successful organizations integrate effective governance structures and processes with performance-focused risk management and internal control at every level of an organization and across all operations.
However, risk management and internal control are not objectives in themselves. They should always be considered when setting and achieving organizational objectives and creating, enhancing, and protecting stakeholder value.
Global Perspectives on Risk Management and Internal Control
The recent financial crises demonstrated quite clearly that, with increasingly globalized economies and markets, a crisis in one nation or region can affect far more than those living and working in the immediate area. National economic, social, and environmental issues need to be considered in a global context, especially issues related to risk. In addition, risk management and internal control need to encompass a wider perspective, since organizations are affected by many variables, often outside their direct control.
- According to IFAC’s interviews with 25 key business leaders, summarized in Integrating the Business Reporting Supply Chain, recent financial crises have exposed flawed or ineffective risk management and internal control practices—especially in some financial institutions. Many organizations were overly focused on financial reporting controls, and did not fully comprehend the risks to which they were exposed. In fact, many, if not most, of the risks derived from other areas, including operations and external circumstances.
- Respondents to IFAC’s Global Survey on Risk Management and Internal Control—Results, Analysis, and Proposed Next Steps felt that risk management and internal control guidelines should be combined into one set of integrated guidelines, to increase the understanding that they are both integral parts of an effective governance system.
IFAC facilitates a collaborative global dialogue with the issuers of standards, guidance, and frameworks in the area of governance, risk management, and internal control culminating in greater international alignment.
The Role of Accountants and the Accountancy Profession
Evaluating and improving risk management and internal control is among the core competencies of many professional accountants and, within organizations, many are partnering with other functions to design, plan, implement, execute, and monitor. In addition, professional accountants are often responsible for providing objective, accurate, and timely information and analyses to support all of these activities. They can also organize risk management and internal control training sessions and establishing an understandable, common risk and control language that meets professional and technical standards.
Professional accountants play a leading role in ensuring that risk management and internal control form an integral part of an organization’s governance system. With an integrated, organization-wide approach, professional accountants can also encourage treating risks in a more holistic, comprehensive way, ensuring that all business decisions are based on proper risk assessment and management that defines the overall effect of uncertainties on the organization’s objectives.
- Using Three Lines of Defense to Manage Internal Controls
July 9, 2015 - Journal of Accountancy
- Small Firms Slower to Adopt New Internal-Control Guidelines
June 17, 2015 - Wall Street Journal CFO Journal
- Cost of Cyber Security Breaches More than Doubles
June 4, 2015 - Economia
- Improve Your Data Security and Keep the Hackers Out
June 1, 2015 - In the Black
- Internal Control-Integrated Framework
May 1, 2013 - Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Evaluating and Improving Internal Control in Organizations
June 28, 2012 - IFAC
- Evaluating and Improving Governance in Organizations
January 31, 2009 - IFAC
- Defining and Developing an Effective Code of Conduct for Organizations
May 31, 2007 - IFAC