ECIIA: Insight and oversight

10 October 2011

The oversight role of the Audit Committee includes asking management the right questions to be assured that risk management processes and internal control systems have been fully considered in the strategic and business planning processes and operations.

Insight and oversight, presents a series of issues to help Board members and Audit Committee reflect upon their role. The Board and the Audit Committee needs to ensure that their organisation is familiar with all the many individual risks that face their organizsation…before they occur! It’s a fundamental part of a comprehensive and effective risk management process.

There is no ‘one shoe fits all’ here but the global needs and objectives for fully identifying risks are valid for every organisation. The processes and practices they adopt will depend on their size, nature and complexity. Financial institutions have adopted sector models. Other organisations can adopt them to their own specific circumstances.

Strategic plans incorporate assumptions about factors in the external world that can change at any time and significantly affect the business plan. Some factors are relatively easy to monitor – exchange rates, commodity prices, interest rates, etc. Others, such as political, regulatory and social trends are harder to quantify and assess.

So there should be processes in place for identifying and monitoring changes in the external environment. The Board should review with management how the strategic environment is changing, what key business risks and opportunities are appearing, how they are being managed and what, if any, modifications in strategic direction should be adopted.

There should also be processes in place for identifying and monitoring changes in the internal environment. This area should be associated with the assessing of the internal control system.

Full paper


© ECIIA