Question:

In an organization, effective risk management involves the identification of high-level risk exposures and their analysis. Discuss all the risk management strategies out of which senior management of an organization may choose to adopt any of the risk management strategies based on the analysis of risks.

​

Ans:

When risks are identified and analyzed, it is not always appropriate to implement controls to counter them. Some risks may be minor, and it may not be cost-effective to implement expensive control processes for them. The risk management strategy is explained below:
• Tolerate/Accept the risk: One of the primary functions of management is managing risk. Some risks may be considered minor because their impact and probability of occurrence are low. In this case, consciously accepting the risk as a cost of doing business is appropriate, as well as periodically reviewing the risk to ensure its impact remains low.
• Terminate/Eliminate the risk: It is possible for a chance to be associated with the use of technology, supplier, or vendor. The risk can be eliminated by replacing the technology with more robust products and by seeking more capable suppliers and vendors.
• Transfer/Share the risk: Risk mitigation approaches can be shared with trading partners and suppliers. A good example is outsourcing infrastructure management. In such a case, the supplier mitigates the risks associated with IT management. infrastructure by being more capable and having access to more highly skilled staff than the primary organization. Risk also may be mitigated by transferring the cost of realized risk to an insurance provider.
• Treat/mitigate the risk: Where other options have been eliminated, suitable controls must be devised and implemented to prevent the risk from manifesting sting itself or to minimize its effects.
• Turn back: Where the probability or impact of the risk is very low, then management may decide to ignore the risk.

 

 

Q-2 ABC Company is having InteInternal Control System that provides it reasonable assurance about the achievement of ABC’s objectives regarding reliability of financial reporting, effectiveness and efficiency of operations. However, the company is not able to achieve its objectives. Write the limitations of the Internal Control System that hinder the success of ABC Company.

​

Ans: The limitations of the Internal Control System that hinder the success of ABC Company are as follows:
• Management’s consideration that the cost of internal control does not exceed the expected benefits to be derived.
• The fact that most internal controls do not tend to be directed at transactions of unusual nature.The potential for human error, such as carelessness, distraction, mistakes of judgement and misunderstanding instructions.
• The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity.
• The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of management overriding an internal control.
• Manipulations by management with respect to transactions or estimates and judgements required in the preparation of financial statements.