Integrating Management of Risk into Decision Making: Focusing on Risk and Control
Vincent Tophoff | July 6, 2016 |
Risk management is at the heart of what finance professionals do. Risk is inherently tied to setting and achieving an organization’s objectives and should, therefore, be managed as part of integrated thinking and business performance management. This is one of the key points in IFAC’s thought paper on managing risk as an integral part of managing an organization.
The Current Landscape
When the IFAC Professional Accountants in Business (PAIB) Committee met in March, it discussed IFAC’s accountants in business work plan, including for risk management and control. The discussion strived to build understanding of best practice for integrating risk management and to identify priorities for IFAC and the profession in risk.
Discussion among committee members developed the following topics as the leading priorities.
- From compliance to outcomes-focused
An informal survey of accountants working in business identified the perception that the increased focus on risk over the last five years is driven mainly by regulators rather than by business objectives. Consequently, a compliance-based mentality often determines the way risk is managed and overseen rather than a more effective outcomes-based approach. An outcomes-based approach should start by asking what the organization wants to achieve and then identifying what can prevent or help achieve these objectives. Our profession needs to expand our scope of, and influence over, risk management to help ensure an enterprise approach that is broader than only applying internal control over external financial reporting.
- Revision of standards
Both the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization (ISO) are currently updating their standards, frameworks, and guidelines on risk management. IFAC is directly and actively involved in both revisions and, through the PAIB Committee, coordinates inclusion of accountants in business’ perspectives into the revision of these standards and guidelines. The public consultation on COSO’s revised Enterprise Risk Management Framework is now open for comments. ISO’s revision of Standard 31000:2009—Risk Management started in November 2015 and is expected to deliver a draft international standard early 2017.
- Areas of Focus for IFAC and the PAIB Committee
Broad discussions at the meeting highlighted the importance of focusing on the link between the business partnering role and risk management, encouraging the integration of risk into existing approaches to decision making and execution, and using language that will be understood by everyone in the organization.
We welcome your input in helping us surface key issues and different perspectives on risk management. We are still shaping IFAC’s future work program for professional accountants in business, including risk management, and your input is welcomed.
Please share a short description below, including links to relevant content, detailing your organization’s main priorities and activities in risk management. Please also include any reflection on how we might support you and your organization to manage risk effectively. Thank you!