
Erm Assignment 3

This document contains an assignment submitted by Reneilwe Marilyn Kelebemang to Mr. Edmund Bayen at Botswana Accountancy College. The assignment addresses evaluating the effectiveness of boards, stakeholder engagement models, and the 8 components of an enterprise risk management framework according to COSO. It discusses goals of board evaluations, board membership and structure, purpose and intent, involvement and accountability, monitoring and review, and performance and impact. It also outlines stakeholder expectations for a bank and identifies shareholders, employees, government, customers, peer banks, and suppliers as key stakeholders. Finally, it describes the 8 components of the COSO ERM framework as the internal environment, objective setting, event identification, risk assessment, risk

Uploaded by

Gaone Gadimang

BOTSWANA ACCOUNTANCY COLLEGE

ENTERPRISE RISK MANAGEMENT

MODULE 3

ASSIGNMENT 3

STUDENT NAME: RENEILWE MARILYN KELEBEMANG

LECTURER: Mr. EDMUND BAYEN


a) Evaluating the effectiveness of the Board
All Boards and their committees can benefit from evaluations. Board evaluations can bring
tremendous benefits and a properly conducted evaluation can contribute significantly to
performance improvements on three levels: organizational, board and individual member level.

One of the main goals of board evaluations is to enable boards to purposefully identify and
surmount the barriers that hinder their effectiveness. Establishing an effective process for board
evaluation can send a positive signal to the organization that Board members are committed to
doing their best.

• Membership and structure

The elected board members have the experience and the necessary knowledge to take the
organization to better places. The elected sub-committees are effective and very diligent
in performing their duties as expected, which makes it easy to make sound
decisions with adequate information. One problem is that once a board meeting is over, no
further communication processes exist between board members outside board
meetings.

• Purpose and intent

All Board members clearly understand the vision and mission of the organization, as they all share
one common goal: becoming the best amongst the best and delivering high
performance as an organization. All members take full responsibility for creating and approving a
strategy that they all believe will guide their organization to higher levels with more profits, and that
clearly states the budgets for how the organization will be run and the
expected performance targets that need to be reached by each financial year end. If they are not satisfied,
it is within their duty to reach a common goal and create a strategy that they all agree with before
the implementation process.

• Involvement and accountability

All board members are well aware of their roles and responsibilities, and all are expected to
report accordingly and contribute in all matters of the organization, as adequate
delegation and authorization procedures are in place. One major problem is the lack of trust and
honesty among the board members, which may affect the operation of the organization.

• Monitoring and review

It is important to employ the right follow-through to implement the changes highlighted as
necessary or desirable. Results can be used to initiate group discussion as well as to implement
process changes if identified. The role of the chairman is key in introducing follow-up items on
subsequent agendas so that they are acknowledged and completed.

Basic management principles can be applied to create action plans with specific timelines for
implementing and evaluating recommendations and for monitoring the recommendations. The
outcomes from an evaluation and the actions resulting from the evaluation should form a continuous
process of improvement.

• Performance and impact

Attendance by board members at every scheduled meeting is satisfactory. A recap is usually
done before the start of a meeting, and the minutes of the previous meeting are confirmed by
all members. There is effective communication with investors and other stakeholders so as to
convey the board’s message on the outcomes that may have arisen from board meetings.

b) Stakeholder engagement Model


It has been clearly established and demonstrated by research that incorrect risk management
decisions related to strategy can destroy more value for an organization than incorrect risk
management decisions associated with the operations or projects undertaken by the organization.

Stakeholder expectations are delivered by the core processes of an organization. The core
processes that deliver stakeholder expectations can be strategic, tactical, operational or
compliant.

The following are a range of stakeholder expectations for a Bank.

• Shareholders and Investors

Our debt and equity investors are key stakeholders in our business. In addition to ensuring a solid
and sustainable investment return, we are committed to maintaining good relationships with our
investor community. We are transparent, provide accessible information on our company,
and have processes and procedures in place to ensure that products or services fully meet our
investors’ expectations.

• Employees, Former employees, Pensioners

Our people are and always have been our most important asset and therefore an important
stakeholder. We invest in the personal and professional development of our people because their
capability and commitment define our success. We provide an environment where employees are
treated with respect, and diversity and differences are valued. We offer a competitive range of
benefits. We actively recognize employee representative bodies such as works councils.

The Bank expects its employees to act in accordance with the Code of Conduct, handle their
business with integrity, deal with sensitive information appropriately and consider stakeholders in
all their actions.

• Government

We have worked extensively with the UK Government and other lending UK companies with
African interests to facilitate the launch of the Commission for Africa. We comply with all legal
and regulatory aspects of business and aim to maintain strong and open relationships with
regulators and other supervisory bodies. We are committed to being transparent and meeting the
expectations of regulators.

The Government is responsible for the framework in which public and private organizations
operate. They create legislation and regulations, influencing the way in which the Bank operates.
We hold dialogues with the responsible government representatives and actively try to contribute
to developments in the financial sector.

• Customers

We have an obligation to ensure that the customers we serve are treated fairly and are sold
products that are appropriate for their needs. We believe that this is far more than a compliance
issue; it is central to creating a sustainable business.

The Bank wants to ensure customers are given quality service and provided with good customer
care. Customers are also our major stakeholders, as they are the ones that keep the organization
running.

• Peer Banks

We engage with peer banks as counterparties, investors, co-financiers or clients. We are
committed to being a transparent and trustworthy partner. Responsibilities to our stakeholders
also include operating with integrity in the securities and financial markets that constitute our
business arena. We therefore take the utmost care when handling confidential information.
In order to safeguard the integrity and reputation of the Bank and that of financial markets, our
peer banks and the banking system as a whole, due diligence checks are required prior to
engaging in business with a client.

• Suppliers

Through the products and services that we purchase from our suppliers we have an impact on
society and the environment. However, as most of our suppliers deliver services and are located
in high income countries, this impact is often limited or not significant. Still, we aim to minimize
the negative impacts by purchasing sustainable solutions.

We also expect our suppliers to act as responsible corporate citizens and to meet our
sustainability standards. We include sustainability criteria in all contracts with suppliers and
depending on the nature and impact of the activities.

c) The 8 Components of ERM Framework

COSO broadly defines enterprise risk management as a process effected by an entity’s board of
directors, management and other personnel, applied in strategy-setting and across the enterprise,
designed to identify potential events that may affect the entity, and manage risks to be within its
risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Entity-level objectives are linked to and integrated with more specific objectives (i.e. operations,
reporting, and compliance). These specific objectives are broken down further into
sub-objectives established for various activities such as sales, production and infrastructure
functions.

The framework encompasses, but does not replace, the Internal Control. The 8 key components
of the COSO ERM framework are as follows:

1. Internal environment

This component reflects an entity’s enterprise risk management philosophy, risk appetite, board
oversight, commitment to ethical values, competence and development of people, and assignment
of authority and responsibility. It encompasses the tone at the top of the enterprise and influences
the organization’s governance process and the risk and control consciousness of its people.

2. Objective setting

Management sets strategic objectives, which provide a context for operational, reporting and
compliance objectives. They are aligned with the entity’s risk appetite, which drives risk
tolerance levels for the entity.

3. Event Identification

Potential events that might have an impact on the entity must be identified. These impacts may
be positive or negative. Potentially positive events represent opportunities, which
management channels back into the strategy and objective-setting process.

4. Risk assessment

Management considers qualitative and quantitative methods to evaluate the likelihood and
impact of potential events, individually or by category, which might affect the achievement of
objectives over a given time.

5. Risk Response

Management considers alternative risk response options and their effect on risk likelihood and
impact as well as the resulting costs versus benefits, with the goal of reducing residual risk to
desired risk tolerances.

6. Control activities

Management implements policies and procedures throughout the organization, at all levels and in
all functions, to help ensure that risk responses are properly executed.

7. Information and Communication

The organization identifies, captures and communicates pertinent information from internal and
external sources in a form and timeframe that enables personnel to carry out their
responsibilities. Effective communication also flows down, across and up the organization.
Reporting is vital to risk management and this component delivers it.

8. Monitoring

On-going activities and/or separate evaluations assess both the presence and functioning of
enterprise risk management components and the quality of their performance over time. The
thought process underlying the framework works in such a manner that, for any given objective,
such as operations, management must evaluate the eight components of ERM at the appropriate
level, such as the entity or business unit level.

d) Enterprise Risk Management Concepts:

i. Three Lines of Defence

The three lines of defence approach is compatible with the concept of governance, risk and
compliance. In this model, the first line consists of the business’s frontline staff. They are
charged with understanding their roles and responsibilities and carrying them out correctly and
completely.

The second line is the regular monitoring process. It is created by the oversight functions made
up of compliance and risk management. These functions set and police policies, define work
practices and oversee the business frontlines with regards to risk and compliance.

The third and final line of defence is that of auditors and directors. Both internal and external
auditors regularly review both the business frontlines and the oversight functions to ensure that
they are carrying out their tasks to the required level of competency. Directors review reports
from audit, oversight and the business, and will act on any items of concern from any party. They
will also ensure that the three lines of defence are operating effectively and according to best
practice.

ii. Control Effectiveness

Control effectiveness represents the effectiveness of all the controls that act upon a particular
risk. This includes those controls that affect the likelihood of the risk (sometimes called
‘preventive controls’ when the controls act to reduce the likelihood of negative consequences)
and those that affect the consequences, sometimes called mitigating controls.

Control effectiveness reflects not just the ability of controls to theoretically treat a risk, but also
their actual effectiveness in terms of consistent, complete, reliable and timely operation. In this
way, the measure represents the fit of the actual controls to the design intent for risk treatment,
particularly in terms of changing the causal aspect of the risk and the actual effectiveness in
practice.

Control effectiveness can be expressed in quantitative or qualitative terms and can be either an
absolute or a relative measure. It is normally reported together with a measure of residual risk.

iii. Control Risk Self-Assessment

Control risk self-assessment is also generally known as a type of self-certification and is
frequently undertaken as an electronic return or recorded on the intranet of the organization. It is
a technique that is used by a range of organizations, including corporations, charities and
government departments, to assess the effectiveness of their risk management and control
process.

The control risk self-assessment also provides confirmation of adequate levels of internal control
and risk assurance. It will also enable the internal auditors to identify areas where additional controls
may be required. For example, an organization that had set a test of materiality at P1 million
might require reports on the control risk self-assessment return of any failure in controls that
resulted in an incident or loss in excess of P100,000 at departmental level.

iv. Risk Assurance

Risk assurance is an important overall risk management process. The audit committee will seek
assurance that all of the significant risks are being adequately managed and that all of the critical
controls are effective and that they have been efficiently implemented.

When considering risk assurance, the organization will need to evaluate different issues,
depending on whether the evaluation is related to strategy, tactics, operations or compliance.

For example, when a company plans to borrow money from a bank, it may be asked to
demonstrate how the board obtains assurance that the management of significant risks is
satisfactory. Sources of assurance might include:

- evaluating the risk culture of an organization;

- overall business success of individual departments;

- quality reports produced by internal audit.

The benefits of risk assurance are that it builds confidence with stakeholders, provides assurance
to sponsors and financiers, reduces chances of damage to reputation, encourages risk culture
within the organization and allows more secure delegation of authority.

v. Reasonable assurance

Reasonable assurance is the level of confidence that the financial statements are not materially
misstated that an auditor exercising professional skill and care is expected to attain from an audit.
Risk assurance is also the acknowledgement that it is not possible to assert absolutely and
certainly that an event will (or will not) occur. Some of the factors affecting risk assurance are:

- Inherent limitations of an audit, e.g. failure of audit procedures to detect material misstatements in
financial statements.

- Exercise of judgment by the auditor in gathering evidence and drawing conclusions.

- Existence of other limitations like related parties etc.
