Perhaps no disaster in recent history has done more to show the need for strong business continuity and disaster recovery planning than the Japan earthquake and tsunami of 2011. This massive 9.0 Richter scale earthquake, which occurred off the Pacific coast of Japan, caused tsunami waves that reached more than six miles inland in spots. More than one million buildings were damaged or destroyed, and nearly 20,000 people died or went missing. Tsunami damage was estimated at more than $300 billion.
Ensuring that an organization can recover from disaster is a basic business requirement the board should explore regularly with management. Nowadays, leading organizations are taking this requirement and turning it into a strategic advantage. Namely, investments in operational resiliency are helping organizations become more responsive to client needs and improve operational reliability, quality and efficiency. It’s an effort you should consider.
Organizations have learned many lessons over the years from specific financial crises. For example, if a chief executive ignores the warning signs posed by the risk management function, resists contrarian information suggesting the corporate strategy is either not working or losing relevance, or fails to consider critical risks when evaluating whether to enter a new market or consummate a complex acquisition, the shareholders and other constituents can end up paying a high price.
Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, which tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives and the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing and business intelligence. Lastly, and especially important to this audience, IT can contribute greatly to a company’s system of internal controls.
Audit planning sets the tone for the audit. If audit planning hasn't been done well, it can make the entire audit much more difficult. You should be answering four key questions during audit planning:
Given the complexity of the business environment, executives need to be careful to avoid overconfidence that can be bred by an expressed or implied “official” view of the future during the risk assessment process. Overconfidence is a powerful source of illusions. It is often driven by the degree of success managers have experienced and the quality and coherence of the storyline they construct regarding the future they envision. Scenario planning is the process of testing management’s “view of the future” by visualizing different future conditions or events, what their consequences or effects would be like, and how the organization can respond to or benefit from them. Scenario planning avoids the risk of a single view of the future by enabling management to identify the likely direction and order of magnitude of the effects of changes that affect the drivers of the enterprise’s revenues, costs, profits and market share.
Developing risk maps, heat maps and risk rankings based on subjective assessments of the severity of impact of potential future events and their likelihood of occurrence is common practice. These approaches provide an overall picture of the risks, seem simple and understandable to most people, are often the result of a systematic process, and provide a rough profile of the organization’s risks.
"Close the books" is a process that a corporation uses to reconcile, consolidate and report financial information on a periodic basis. Each company defines closing the books a little differently; not all companies complete an identical list of tasks in their close-the-books process.
Every audit committee should assess the effectiveness of the organization’s internal audit function at least annually, if not throughout the year. The critical role that internal audit plays requires the audit committee to ensure that the organization receives substantial benefits from the investments made in the internal audit function. Though the charter, scope, funding and activities of internal audit vary from company to company, audit committees should at least consider the following questions when evaluating their company’s internal audit function:
Once a company forms an internal audit function, completes the risk assessment process and develops an internal audit plan that is responsive to the risk assessment, it can initiate individual internal audit assignments.