-
Best Forms of Executive Compensation
Generally a combination of fixed compensation and incentive compensation that is tied to long-term stock price.
-
Monitoring Devices
Internal and external devices that exist to monitor management, including: BODs, NYSE and NASDAQ, internal auditors, external auditors, investment banks and securities analysts, creditors, credit rating agencies, attorneys, SEC, IRS, corporate takeovers, shareholder activism
-
Control Environment
Sets the tone of an organization: integrity and ethical values, commitment to competence, human resource policies and procedures, assignment of authority and responsibility, management philosophy and operating style, board of directors or audit committee, organizational structure.
-
Risk Assessment
Management's process for identifying, analyzing, and responding to risks
-
Control Activities
Policies and procedures that help ensure that management directives are carried out: Performance reviews, Information processing controls, Physical controls, Segregation of duties (PIPS)
-
Information and Communication
Should be implemented to capture information and to process, summarize, and report that information on an accurate and timely basis.
-
Monitoring
A process used to assess the quality of internal control (IC) performance over time.
-
Change Control Processes
An effective change control process enables management to control (1) Change requests, (2) Change analysis, (3) Change decisions, and (4) Change planning, implementation and tracking
-
Enterprise Risk Management (ERM)
A process, effected by an entity's BOD, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
-
Components of ERM
8 interrelated components: (1) Internal environment, (2) Objective setting, (3) Event identification, (4) Risk assessment, (5) Risk response, (6) Control activities, (7) Information and communication, (8) Monitoring
-
Event Identification Techniques:
- (1) Event inventories
- (2) Internal analysis
- (3) Escalation or threshold triggers
- (4) Facilitated workshop or interviews
- (5) Process flow analysis
- (6) Leading event indicators
- (7) Loss event data methodologies (e.g., black swan analysis)
-
Inherent Risk
The risk to the organization if management does nothing to alter the event's likelihood or impact
-
Residual Risk
The risk that remains after considering management's response. Risks are assessed in terms of their likelihood of occurring and their impact
-
Risk Response
- Management selects risk responses that are consistent with the risk appetite of the organization, including:
- (1) Avoidance - exiting the activity that gives rise to the risk
- (2) Reduction - reducing the risk's likelihood and/or impact
- (3) Sharing - reducing likelihood or impact by transferring or sharing a portion of the risk (e.g., insurance, hedging, outsourcing)
- (4) Acceptance - no action taken to affect likelihood or impact
-
Limitations of ERM
Risks relate to the future, which is uncertain. ERM provides information about the risks of achieving objectives but cannot provide reasonable assurance that objectives will be met, and it cannot provide absolute assurance with respect to any objective. Specific limitations include: (1) the effectiveness of ERM is subject to the limitations of human judgment, (2) even a well-designed ERM can break down, (3) collusion among two or more employees can circumvent it, (4) it can never be perfect due to cost-benefit constraints, (5) it is subject to management override.