Fundamentals of Risk Management
Reporting on risk management
and communication obligations refer to both internal and external communications, and the obligations also refer to the importance of risk management information being communicated both to and from the board. Reporting requirements have become increasingly detailed, and it is sometimes necessary for organizations to produce separate reports for different regulatory authorities. Also, some organizations may decide to issue specific reports to achieve a high profile for certain aspects of their organization. In particular, several organizations issue separate corporate social responsibility reports to highlight their achievements in this important area.

The case studies presented at the beginning of each part of this book are all extracts from reports of companies listed on the London Stock Exchange. These case studies indicate the wide range of topics that are reported by listed companies in relation to the broad range of risk management and internal control issues that are covered in this book.

Sarbanes–Oxley Act of 2002

The Sarbanes–Oxley Act (SOX) was passed in response to a range of corporate scandals in the United States. These scandals involved misrepresentation of the financial status of various organizations, leading to misleading financial statements. The primary purpose of SOX is to ensure that information disclosed by companies listed on the stock exchanges in the United States is accurate. SOX requires that controls are in place to ensure the accuracy of all information reported by the organization. Section 302 of SOX requires that all data produced by the organization must be validated. In relation to financial statements, a detailed analysis of the risks that could result in misrepresentation of the financial results of the organization has to be undertaken.
The procedures for compiling financial information and attestation of the financial disclosures by external auditors (as required by section 404) are very detailed and are considered by many to be extremely onerous and costly to undertake. When complying with section 404 of SOX, the risk assessment is designed to identify weaknesses in the financial reporting structure. This is a very detailed procedure that requires considerable work by the internal audit department. The financial results of the organization and the evaluation of the financial reporting structure have to be reviewed by external auditors, who have to provide an attestation that they consider the results to be accurate.

SOX requirements state that an approved risk management framework should be used to evaluate risks to accurate financial reporting. The framework recommended for ensuring the accuracy of financial disclosures is the COSO Internal Control framework (2013). Note that the COSO ERM framework (2004) includes all of the requirements of the earlier internal control version of COSO.

The SOX requirements apply to subsidiaries of US companies operating in other countries. They will also apply to organizations based in other countries if the organization has a listing on a US stock exchange. Therefore, the internal control version of the COSO framework is used by companies in many countries in the world.