Importance of Risk Assessment & Management

Importance Of Risk Assessment & Management

“Tool for Fraud Prevention in the current scenario”

The article briefly explains the importance of risk assessment and management in the current scenario wherein a lot of frauds/ scams are happening. Be it the case of corporate houses, banks, service centres, IT companies.

The article also aims at describing the techniques to be used by Auditors while ascertaining the effectiveness of risk assessment framework established in the organization in order to detect and prevent frauds.

“A Ship in Harbor Is Safe, But that Is Not What Ships Are Built For”

John A. Shedd? 

John A Shedd long ago wrote this and might have inspired a lot of people thereby encouraging them to come out of their comfort zones and facing a lot of new challenges in and around them.

For gaining experiences and actually facing the challenges the unforeseen situations and circumstances which we daily face is commonly called as “Risk”.

If we talk about the organisations, a more sophisticated and formal version of the word “Risk” may come out in the following manner

“Business risk is the possibility a company will have lower than anticipated profits or experience a loss rather than taking a profit. Business risk is influenced by numerous factors, including sales volume, per-unit price, input costs, competition, the overall economic climate and government regulations”(Source- Investopedia)

According to a survey conducted by advisory firm PPB, risk is defined in this manner:

“Organisations face internal and external actors and influences that make it uncertain whether, when, and the extent to which they will achieve or exceed their objectives. The effect this uncertainty has on the organisation’s objectives is risk.”

As per SA 315 issued by the Institute of Chartered Accountants of India-“Business risk is a risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies”

To prevent occurrence of any unfavorable situations across business, the corporate leaders take numerous steps but somehow the efforts taken by them either lack their conscious approach or lack calculative risk assessments. This is perhaps the reason why in every sector we are facing huge amounts of frauds, misappropriation of funds, violation of legislative norms, manipulations etc, Be it the case of software companies, manufacturing sector or banking sector, the so called formalized “Corporate” sector is struggling to bear these threats and potential losses.

Some of the major frauds which have happened in India in the recent times are mentioned below-

Scam/ Fraud	Year	Rs. in crores	Party Involved
Punjab National Bank	2011-18	11600	Nirav Modi, Ami Modi, Neeshal Modi, Mehul C Choksi
Saradha Group Financial Scandal	2013	2500	Kunal Ghosh, Sudipto Sen, Madan Mitra, Mukul Roy and many more
Abhishek Verma arms deals scandal	2012	80000	Abhishek Verma, Anca Verma
Common Wealth Games Scandal	2010	70000	Suresh Kalamadi, Sheila Dikshit – the then Chief Minister of the State
Indian Coal Allocation Scam	2012	185591	Coal ministry under United Progressive Alliance government. Sriprakash Jaiswal
Uttar Pradesh NRHM scam	2012	10000	Babu Singh Kushwala
2G case	2008	176000	Nira Radia, A. Raja, M. K. Kanimozhi, many telecommunications companies

And many more. The list is infact endless and beyond acceptability of an honest native of this nation. But still we are facing all the hard truths and hoping for a bright sunshine everyday. Be it the reign of Congress, BJP or any other party, we are no more than slaves at the mercy of these Government officials for safeguarding our hard earned money, sometime in the form of Bank Deposits, sometime in the form of Shares and other times in the form of relief funds.

Since 1950 when the first financial scandal happened in the free India known as “The Mundhra Scandal” -The Mundhra scandal exposed the nexus between the Bureaucracy, stock market speculators and small rogue businessmen. It also brought to light rifts between the then Prime Minister Jawaharlal Nehru and his son-in-law Feroze Gandhi, and also led to the resignation of India’s then finance minister T. T. Krishnamachari, there was no looking back, for instance-

– BHU Funds misappropriation in 1956- corruption by Benaras Hindu University officials, accused of misappropriationof funds worth Rs 50 lakh,

– Nagarwala scandal in 1971-a fraudulent act in which Rustom Sohrab Nagarwala convinced Ved Prakash Malhotra to withdraw 6 million rupees from the branch of the State Bank of India where he was the head cashier,

and then came the financial scandal in 1990’s which actually exposed the loopholes of the banking system in India,

– “The Harshad Mehta” case wherein it was alleged that Mehta was engaged in a massive stock manipulation scheme financed by worthless bank receipts, which his firm brokered in “ready forward” transactions between banks,

– in 2001 the Ketan Parekh Securities Scam,

– the IPO scam in 2004,

– the Pazee Forex scheme in 2008 and has continued till date such as

– Adani group, Reliance ADAG, Essar accused of cheating in Rs 290 billion scam in 2017

and latest being on 18 February 2018

– it was stated in a CBI FIR that Rotomac had cheated a consortium of seven banks by siphoning off bank loans of Rs2,919 crore. Including interest, the amount comes to Rs3,695 crore. The agency FIR added that Rotomac had diverted the sanctioned loans to another “fake company”, from where the money was routed back to Rotomac.

The Common Factor behind all Frauds

It is generally said that for every problem there lies a solution but perhaps neither the system nor the officials were interested in identifying the problems and applying the corrective solutions. Although the dire need was to implement the preventive controls in the system so that these type of recurrences never happen but we could not found any such corrective actions at any end neither at corporate level nor at banking systems. This is the result that till date we are suffering from such regulars lapses.

The main factors which have contributed can be summarized as follows-

1. Lack of proper risk assessment across levels

2. Lack of detective controls in place

3. Inappropriate preventive control measures

4. Inadequate corrective control framework

In this article we will talk about the requirements of Risk Assessment & Management and its importance.

Risk Management

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the business at various stages coming across working in the best interests of its objectives. It will also help in control of possible future events and is proactive rather than reactive.

• Identifying the Risk

– Reviewing the lists of risk sources as well as the previous experiences and knowledge

– Assessments of risks and categorizing and prioritizing.

• Assess the Risk
  • Identifying the root causes of the risks, including:

– What would cause this risk?

– How will this risk impact the project?

• Developing Responses to the Risk
  • Assessing possible remedies to manage the risk or possibly, preventing the risk from occurring, including:

– What can be done to reduce the likelihood of this risk?

– What can be done to manage the risk, should it occur?

• Preventative Measures for the Risk

– Tasks identified to manage the risk are developed into short contingency plans that can be put aside. Should the risk occur, they can be brought forward and quickly put into action, thereby reducing the need to manage the risk by crisis.

Importance of Risk Assessment and Risk Management in Organizations-

Risk management is of paramount importance in an organisation because without it, the business cannot possibly define its objectives for the future. If a company defines objectives without taking the risks into consideration, there are huge chances that the direction of working will be lost and the business will be heading towards a different path where the road and twists and turns have not been reviewed properly like it has happened in so many cases across nation as mentioned above.

Useful tools for Risk Assessment and Risk Management

One of the most important tool for this task is the Risk Management Plan. A risk management plan including identification of risks- According to the Huffington Post, there are four main types of risk about which a business needs to be aware.

• Market risk is the risk that is associated with the potential for the value of the assets of a business to decrease in due to external factors such as interest rates, foreign exchange rates, and commodity prices.
• Credit risk refers to the losses that occur when a debt that is owed is not paid to the company.
• Operational risk refers to the potential of business losses that occur due to inadequate actions or failures on the part of the business or external factors. Some reasons for operational risk include the following:
  • Internal fraud
  • External fraud
  • Employment practices
  • Client and business practices
  • Business continuity practices
• Reputational risk develops from the possibility of damage to the company’s reputation due to both internal and external factors.

Constituents of an effective risk management plan-

• Commitment from all levels of the organization
• Defined policies and procedures
• Defined roles, responsibilities, and accountability of all managers across organisation
• Allocation of resources and tools for the plan
• Ongoing training, testing and monitoring of the risk management plan

Process of Risk Management

Risk management can be divided into four parts:

a. Defining a risk management strategy;

b. Identifying and analyzing risks; and

c. Handling identified risks,

d. Implementation of risk mitigation plans

There cannot be nil threat to fraud as there are numerous factors surrounding organisation’s working which are beyond control and can only be avoided by taking some pro-active preventive measures.

Role of Auditor in Identifying and Assessing the risk of Material Misstatement through understanding the Entity and its Environment in terms of SA 315

Relevant extract of para 5 & 6 of the standard related to Risk Assessment Procedures and Related Activities

“5. The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.

6. The risk assessment procedures shall include the following:

(a) Inquiries of management and of others within the entity who in the auditor’s judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.

(b) Analytical procedures.

(c) Observation and inspection.

Relevant extract of para 11 of the standard related to required understanding of the entity and its environment, including the entity’s Internal Control

“11. The auditor shall obtain an understanding of the following:

(a) Relevant industry, regulatory, and other external factors including the applicable financial reporting framework.

(b) The nature of the entity, including: (i) its operations; (ii) its ownership and governance structures; (iii) the types of investments that the entity is making and plans to make, including investments in special-purpose entities; and (iv) the way that the entity is structured and how it is financed; to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.

(c) The entity’s selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.

(d) The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.

(e) The measurement and review of the entity’s financial performance”

Relevant extract of para 25 of the standard related to Identifying and Assessing the Risks of Material Misstatement

“25. The auditor shall identify and assess the risks of material misstatement at:

(a) the financial statement level; and

(b) the assertion level for classes of transactions, account balances, and disclosures;

to provide a basis for designing and performing further audit procedures”

Conclusion-

“If you don’t actively attack risks, they will actively attack you!!”

Risk Management is a continuous process and need not only be done at the very beginning of the business but be continuously throughout the life of the business.

In the present scenario of revival of corporate law and norms being made stringent, there is an ample space for the overall recognition of such an important technique for preventing frauds.

We shall talk about other important aspects such as Effective Control Framework and types of controls required to establish an effective risk magement framework etc in the next articles.

CA Rubneet Anand (B.Com, M.Com(Finance& Taxation), MBA (Finance & International Business- IMT Ghaziabad) carubneetanand@gmail.com, Deputy Manager (Internal Audit & Indirect Taxation)-M/s SML Isuzu Ltd-Facebook Page-Corporate Prism-Consultation in Accounting & Corporate Management https://www.facebook.com/CARubneetAnand/