1 pwc Board responsibility for internal control and

1 pwc Board responsibility for internal control and risk management by Kiattisak Jelatianranat Chairman, The Institute of Internal Auditors of Thailand Director, Pricewaterhouse. Coopers Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on Corporate Governance

2 pwc Responsibility VS Accountability • Responsibility will do? What, and Who • Accountability whom? How, and For . ………Both need independence and objectivity Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

3 pwc Balanced Scorecard in Corporate Governance • Financial & non-financial information. • Equitable Treatment of stakeholders. • Combination of Lagging and Leading Information. • Alignment of short-term objectives Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

4 pwc Balanced Responsibility …… legal & moral Board “core” responsibilities. ……… • Create strategic vision • Select CEO & Senior management • Establish strategic, accountable information • Independent, objective and competent oversight of day-to-day Kiattisak Jelatianranat 31 May 2 nd Asian Roundtable on operations 2000

5 pwc Board Effectiveness x Board initiative & Ownership of: • Corporate governance framework • Risk management system • Internal control system • Auditing x Selection of CEO & senior management x Oversight of CEO & senior management to establish • Accounting system • MIS • Compliance program • Operating systems Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

6 pwc Why corporate governance matters ? Su Pleasant Working Environment ta Fo bs rm Sustainable Growth e nc Spirit • Effective governance, and • Proper communication with your stakeholders Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

7 pwc Searching for the upside of risk management Value Chain VS Risk Prevention Preservation Enhancement Opportunity base-line Uncertainty Harzard Risk is any issue which could impact your ability to meet your objectives Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

8 pwc Risk ………. . • Risk Assessment -Identify -Measure -Prioritize • Risk Management -Assess adequacy of existing controls -Develop a control improvement plan -Create a continuous program for objectives, risk and control assessment Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

9 pwc Risk Management Action Options Fix Controls Options Re-Engineer Process Trainings Transfer Risk (Insurance( Outsource the Function Do nothing-Bet Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

10 pwc Well-controlled Organizations Key attributes of a well-controlled organization include: . 1 #Leadership of Board. 2 #Translation of strategic vision to day-to-day management. 3 #Communication of objectives & values to all levels. 4 #Individual accountability. 5 #Risk management system. 6 #Human resources reinforcement. 7 #Independent, objective and competent oversight Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

11 pwc Risk & Control : The twin systems • Articulate risk philosophy Objective Risk Co m • Define values and behavioral expectations • Assess risk • Manage risk • Assess existing controls Control mu nic ati on s& Au d it • Define strategic risk • Select control model • Continuous communication Alignment • Continuous program for ORC • Develop a control improvement plan …Operations are dynamic and evolving. . . Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

12 pwc Complexity of Value chain……. . • A board must have the capability to respond to and manage changes. • “ Risk Management” and “Business Control” are the first thing for any board consideration. Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

13 pwc Internal Control Learned in Real World • Focus on “Soft Control” in assessing all of COSO’s “ Five Components” and “Three Objectives. ” • Soft Controls are subjective in nature, thus self-assessment is crucial for success. • Implementation as an integral cultural change. • Internal Control training is a “must. ” • Tailor practices to an organization to assure the surpassing expected benefits from the implementation. Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

14 pwc COSO’s Internal Control Definition is a process, effected by an entity’s people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

15 pwc Control Reality • Focus on people and process, not merely policy manuals and forms • Require dynamic and interactive evaluation techniques. • Verifying compliance with policies and procedures is not sufficient Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

16 pwc Five Components of COSO’s Control Framework • Control Environment : The Foundation on which everything rests. • Risk Assessment : Aware of and deal with the risks it faces. • Control Activities : Actions identified by management as necessary to address risks to achievement of objectives. • Information & Communication : People to capture and exchange the information needed to conduct, manage and control operations. • Monitoring 31 May 2000 Kiattisak Jelatianranat : React dynamically, changing as condition warrant. 2 nd Asian Roundtable on

17 pwc From Backroom To Board Room Organizations in the 21 st Century must move internal control issues from their “Backroom” (Operating Level) to “Board Room” (the strategic level( Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

18 pwc Internal Audit Paradigm Shift Today internal auditors are management partners and consultants to add values to the organization. . ……… No longer as a watch dog or a policeman Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

19 pwc Internal Auditing Definition 1999 Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Traditional Definition : Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost. Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on

20 pwc There is no alternative Toward the new millennium environment: Board of Directors and senior management have no alternative not to be the leadership and ownership of systems of risk management and internal control Kiattisak Jelatianranat 31 May 2000 2 nd Asian Roundtable on