1

pwc

Board responsibility for internal control and risk management

by Kiattisak Jelatianranat Chairman, The Institute of Internal Auditors of Thailand Director, PricewaterhouseCoopers
2nd Asian Roundtable on Corporate Governance

Kiattisak Jelatianranat

31 May 2000

pwc
Responsibility VS Accountability

Responsibility

What, and Who will do ?

Accountability

How, and For whom ?

. Both need independence and objectivity

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Balanced Scorecard in Corporate Governance

Financial & non-financial information. Equitable Treatment of stakeholders.

Combination of Lagging and Leading Information.

Alignment of short-term objectives

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Balanced Responsibility legal & moral
Board core responsibilities.

Create strategic vision

Select CEO & Senior management

Establish strategic, accountable information

Independent, objective and competent oversight of day-to-day operations

Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance

pwc
Board Effectiveness
x Board initiative & Ownership of :
Corporate governance framework Risk management system Internal control system Auditing

x Selection of CEO & senior management

x Oversight of CEO & senior management to establish
Accounting system MIS Compliance program Operating systems

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Why corporate governance matters ?

Sustainable Growth
Pleasant Working Environment

Spirit
Effective governance, and

Proper communication with your stakeholders

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Searching for the upside of risk management
Value Chain VS Risk
Prevention Opportunity base-line Preservation Enhancement

Uncertainty

Harzard Risk is any issue which could impact your ability to meet your objectives

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Risk ..
Risk Assessment - Identify - Measure - Prioritize Risk Management

- Assess adequacy of existing controls

- Develop a control improvement plan - Create a continuous program for objectives, risk and control

assessment

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

pwc
Risk Management Action Options
Fix Controls
Re-Engineer Process Options

Trainings
Transfer Risk (Insurance)

Outsource the Function

Do nothing-Bet
Kiattisak Jelatianranat 31 May 2000 2nd Asian Roundtable on Corporate Governance

10

pwc
Well-controlled Organizations
Key attributes of a well-controlled organization include :
# 1. Leadership of Board # 2. Translation of strategic vision to day-to-day management # 3. Communication of objectives & values to all levels # 4. Individual accountability # 5. Risk management system # 6. Human resources reinforcement # 7. Independent, objective and competent oversight

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

11

pwc
Risk & Control : The twin systems
Define strategic risk Articulate risk philosophy

Objective Risk

Define values and behavioral expectations Assess risk Manage risk

Assess existing controls

Control

Select control model

Continuous communication

Alignment

Continuous program for ORC Develop a control improvement plan

Operations are dynamic and evolving...

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

12

pwc
Complexity of Value chain..
A board must have the capability to respond to and manage changes. Risk Management and Business Control are the first thing for any board consideration.

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

13

pwc
Internal Control Learned in Real World
Focus on Soft Control in assessing all of COSOs

Five Components and Three Objectives.

Soft Controls are subjective in nature, thus self-assessment is crucial for success. Implementation as an integral cultural change. Internal Control training is a must. Tailor practices to an organization to assure the surpassing expected benefits from the implementation.

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

14

pwc
COSOs Internal Control Definition
is a process, effected by an entitys people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories : Effectiveness and efficiency of operations Reliability of financial reporting

Compliance with applicable laws and regulations

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

15

pwc
Control Reality
Focus on people and process, not merely policy manuals and forms Require dynamic and interactive evaluation techniques. Verifying compliance with policies and procedures is not sufficient

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

16

pwc
Five Components of COSOs Control Framework
Control Environment Risk Assessment Control Activities : The Foundation on which everything rests. : Aware of and deal with the risks it faces. : Actions identified by management as necessary to address risks to achievement of objectives.

Information & Communication : People to capture and exchange the information needed to conduct, manage and control operations. Monitoring : React dynamically, changing as condition warrant.

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

17

pwc
From Backroom To Board Room

Organizations in the 21st Century must move internal control issues from their Backroom (Operating Level) to Board Room (the strategic level)

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

18

pwc
Internal Audit Paradigm Shift

Today internal auditors are management partners and consultants to add values to the organization. . No longer as a watch dog or a policeman

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

19

pwc
Internal Auditing Definition
1999 Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Traditional Definition : Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance

20

pwc
There is no alternative
Toward the new millennium environment :
Board of Directors and senior management have no alternative not to be the leadership and ownership of systems of risk management and internal control

Kiattisak Jelatianranat 31 May 2000

2nd Asian Roundtable on Corporate Governance