Abstract
Risk management is a core element from a strategic and operational point of view. Conditions of the environment, financial scandals like Enron and Worldcom, globalization, and new technologies make risk a priority for companies that want to keep a sustainable competitive advantage under uncertainty. In line with these, there are several frameworks, initiatives, and ways to approach risk under a structure organization and integrated approach, including the development of internal control standards like Sarbanes-Oxley (SOX). One of the elements to be considered when taking optimum decisions is a proper risk management. In this chapter, the key elements of assets risk management will be exposed, starting from main concepts, constructing the elements that are applicable to build a risk management system, and developing a practical example under SOX framework with a management and system approach.
TopIntroduction
Environment of companies, are composed of challenges, risks and change. These elements are a source of uncertainty and are strongly related with high volumes of information in a globalized environment and which sometimes are not fully reliable; considering enterprises are open systems, the turbulence of the environment generates an impact from risk management perspective (Febles & Oreja, 2008) .
In this sense, to have into consideration all the variables and elements which can have incidence into the matter of study, is a key aspect for a proper decision making, as there are factors like reputation risk, information availability, process design among others which increase the intrinsic complexity given by the environment (Leisinger, y otros, 2010). In addition to this knowledge, is important to understand this needs to come together with having in place the proper procedures and methodology, otherwise, this will open the door for not taking into account, all the aspects that must have being considered as well as lack of consistency over the applied criteria’s; in this sense the need of an integrated approach considering existing variables, open the door to defining new methodologies for an improved management, with a more efficient focus and adapted to reality (Porter & M., The Big Idea. Creating Shared Value. How to reinvent capitalism and unleash a wave of innovation and growth., 2011)
As stated above, current turbulence of the environment and the occurrence of several financial scandals (like Enron explained in detail in a further section), have increased the firm´s interest on risk management procedures and requirements. As a consequence, academic researches on this topic are increasing however these researches are still under an early step of evolution, which give opens the door for new and original developments in this area (Pfister, 2009)
More specifically when studying decision making on asset management, one of the key aspects to have into consideration for being able to take optimum decisions, is an adequate management of the risk considering all the types of risks that can be applicable over asset management under a holistic approach (Ittner & Oyon, 2014)
However, the driver of the decision is sometimes affected by the fact of having related penalties due to regulatory constraints instead of understanding risk management as an added value. “If penalties are sufficiently large, the manager perfectly complies with Internal Control regulation. In contrast, if the penalty of Internal Control noncompliance is sufficiently small, the manager has no incentive to invest in Internal control”. (Schantl & Wagenhofer, 2019)
This gap between understandings internal control proactively and as an strategic element or having a reactive approach, generates a difference on the potential added value that the overall framework will be able to create. In addition, the Tone at the Tope and the talent are also key elements to be considered. Having a management structure that do not emphasize reporting quality and integrity increase the exposure of having fraud or other type of risks materialized. (Donelson, Ege, & McInnis, 2017)
In order to assure risk assessment is done effectively, the methodology and clear understanding of the nature of each of them complement the knowledge over the assets management process. With this being said, we can consider that the following aspects need to be considered from risk perspective, in order to contribute with an optimum decision making by understanding entity objectives, business processes, organizational resources, structure roles and responsibilities(Arens, Elder, & Beasley, 2014)
Key Terms in this Chapter
Value Management: Process defined with the objective of managing the value applicable under the selected scope, having into consideration that value includes those actions defined in order to control cost as well as those actions defined to create value (differentiation, innovation, perception aspects among others).
Exposure: Set of activities, which includes financial exposure that has a probability to be affected by a defined risk.
Control: A task or process designed to mitigate the probability of occurrence of a specific risk. SOX: Sarbanes-Oxley Act.
Internal Control: System composed of a group of activities defined to manage the risk that comes from the processes within the company, across all functions.
SOD: Segregation of duties. Principle that has the objective of preventing the risk of errors or fraud. One person cannot perform two functions that if performed together can compromise the “independence” premise.
Risk: Is the potential exposure to an unexpected event or unintended situation or outcome.
Role: Set of functions assigned to an individual in a specific process or activity.
Fraud: Deliberated use of current knowledge on processes and activities, in order to obtain profit by misuses or misapplication of the company resources or assets.