Pursuing Global Alignment of Risk Management Guidelines
1. Pursuing Global Alignment of Risk Management Guidelines
Vincent Tophoff, International Federation of Accountants (IFAC)
COSO, IFAC, ISO, RIMS, and ROGB Panel Discussion and Networking Event
Chicago
September 24, 2013
Page 1 | Confidential and Proprietary Information
2. International Federation of Accountants
The International Federation of Accountants (IFAC) is:
• The global organization of the accountancy profession
• 164 member bodies and associates in 125 countries
• 2.5 million professional accountants in public practice, commerce, industry, financial services, the public sector, education, and the not-for-profit sector
• Public interest focused
More than half are in this box. We call them PAIBs and the PAIB Committee exists to support them.
3. International Federation of Accountants
What IFAC does:
• Establishes and promotes adherence to high quality professional standards
• Furthers adoption and implementation of standards
• Supports the global development of the accountancy profession
• Provides a global voice and promotes the value of professional accountants worldwide
• Helps its members support professional accountants in business and small and medium practices
4. Professional Accountants in Business
• Supports professional accountants in the following areas:
– Governance and ethics
– Risk management and internal control
– Sustainability and corporate responsibility
– Financial and performance management
– Business reporting
– Promoting and contributing to the value of professional accountants
• All areas of critical importance to professional accountants (and for risk managers too…)
5. Bad vs. Good RM/IC Practices
There has been an overwhelming load of bad practice:
– RM/IC as objective in itself vs. RM/IC to achieve objectives
– Auditor / staff driven vs. Board and management driven
– Rules-based vs. Principles-based
– Off-the-shelf systems vs. Tailor made
– Focused on threats only vs. Also focused on opportunities
– Mainly hard controls vs. Social / human aspects
– Artificially implemented vs. Organically implemented
– Stand-alone / “bolt-on” vs. Integrated / “built-in”
– Static, out-of-date vs. Dynamic, evolving
– Creates costs vs. Creates results / value
– Abandoned vs. Supported
6. Global Crisis
• Global Crisis, according to IFAC research, caused by:
– Ethical flaws
– Governance, RM/IC in name, but not in spirit
– Regulatory overload, leading to legalistic compliance
– Risk & control systems too narrowly focused on only financial reporting controls
• Conclusions from the crisis:
– Organizations should take a broader approach in risk management and internal control
– Appropriate application of risk management and internal control standards and principles is often the problem
7. Emerging Trends
Respondents to the IFAC Global Survey on Risk Management & Internal Control recommended the following:
• Emphasize the benefits of (more integrated) risk management and internal control
• Bring various risk management and internal control standard setting organizations (e.g., COSO, ISO 31000, the Risk Oversight & Governance Board, etc.) and their guidelines closer together
• Collaborate with experts on developing practical application guidance for (integration of) risk management & internal control
8. COSO ERM vs. ISO 31000
Many entities use both COSO ERM & ISO 31000…
COSO vs. ISO 31000
– Lengthy vs. Short (callout: too short, however, to really understand)
– Focused on ERM vs. General approach to managing risk
– One cube vs. Framework and process
– Skewed to negative vs. Risk can be positive or negative
– Risk already exists vs. Risk tied to achieving objectives
– Risk & opportunities vs. Opportunities also source of risk
– More sequential process vs. More iterative process
… Biggest challenge is that the concepts are not aligned
9. Next step > Further Global Alignment of Guidelines
• IFAC facilitates further global alignment of risk management and internal control guidelines
• Through bringing various risk management and internal control standard setting organizations (and their guidelines!) closer together
• As per the outcomes of our survey!
• And now over to you…
10. For further information please contact:
• Vincent Tophoff at vincenttophoff@ifac.org
• Visit www.ifac.org