At the end of this module you should be able to:
explain the importance of recognised frameworks for risk management and internal control and apply these to specific scenarios
explain the regulatory requirements that apply to organisations
identify and explain the key elements of an effective governance framework for financial risk management
explain the key controls over financial risks
evaluate controls over derivatives in a corporate environment
explain an organisation’s financial risk management framework.
Activity - ASX principles on good governance
John is the CFO in an ASX-listed company and is preparing the year-end financial report. The CEO, Darren, is a very forceful, domineering individual with only a general awareness of accounting and financial risk management principles.
Darren has instructed John to make sure that he arrives at the "correct" accounting outcomes with regard to certain hedging positions held by the company. Darren noted that the fair values of the hedges held by the company have decreased, and therefore he wishes to process these fair value losses entirely to other comprehensive income (equity), regardless of whether the hedges were effective.
As in previous years, John has performed the calculation in line with Darren's instructions.
Using the ASX principles on good governance, assess the appropriateness of the behaviour of Darren and John in the scenario provided above.
ASX Principles
Lay solid foundations for management and oversight
Structure the board to add value
Act ethically and responsibly
Safeguard integrity in corporate reporting
Make timely and balanced disclosure
Respect the rights of security holders
Recognise and manage risk
Remunerate fairly and responsibly
(X) 1. Lay solid foundations for management and oversight
Board responsible for overseeing the integrity of accounting and corporate reporting, and the process for making timely and balanced disclosure.
Management responsible for providing the board with accurate, timely and clear information.
( ) 2. Structure the board to add value
(X) 3. Act ethically and responsibly
requires individuals to act with honesty, integrity and in line with the reasonable expectations of investors
management has a responsibility to create a culture that promotes ethical and responsible behaviour.
being domineering and aggressive, and forcing another person to perform their job in a biased way, would likely not be considered ethical or responsible.
(X) 4. Safeguard integrity in corporate reporting
entity should have an audit committee that makes recommendations as to whether the financial statements provide a true and fair view, and the appropriateness of accounting judgements or choices.
entity requires formal and rigorous processes that independently verify and safeguard the integrity of corporate reporting.
CEO/CFO should declare that the financial statements comply and provide a true and fair view and have been prepared properly.
(X) 5. Make timely and balanced disclosure
entity should make 'balanced' disclosure, both positive and negative information
(X) 6. Respect the rights of security holders
provide security holders with appropriate information, communicating openly and honestly
(X) 7. Recognise and manage risk
requires an appropriate framework to identify and manage risk
a risk committee's role would include reviewing any incident involving the breakdown of internal controls.
an internal audit function can bring a systematic, disciplined approach to evaluating and continually improving risk management and internal controls
( ) 8. Remunerate fairly and responsibly
8.1. Culture of risk management
Culture is critical
culture of risk management
set by the tone at the top
permeates throughout the organisation
every decision, activity and initiative has a degree of risk
appropriately manage risks based on risk appetite
not risk aversion... but risk intelligence
Quiz. Elements of fraud
Which element of fraud can an organisation best manage?
motive
pressure
opportunity
rationalisation
other than striving for an ethical culture, other aspects are more likely to be out of an organisation's control, so removing the opportunity is the best way an organisation can reduce the risk of fraud
Fraud triangle
8.2. Risk management framework
establish context
identify risk
analyse risk
evaluate risk
treat risk
monitor and review
communicate and consult
Directors' duties
- obligations under Corporations Act 2001
duty of care
act in good faith
proper use of information and position
not trade while insolvent
- ASIC and ASX requirements
financial reporting declarations
board audit committee
financial risk management reports and strategies
- other obligations
e.g. setting realistic goals - avoiding excessive risk taking behaviour
Case study - mismanagement cited as irrigation trust sponged dry (First Mildura Irrigation Trust)
FMIT received a $2.2 m investment from Treasury Corporation of Victoria (loan)
FMIT invested the proceeds in an unapproved investment
the funds subsequently lost $2m in value due to sub-prime fallout
Victorian Water Minister subsequently forced FMIT to merge with Lower Murray Water
1. how may the directors have breached their duties and obligations?
duty of care - to safeguard organisation funds
not avoiding excessive risk taking
breach of organisation policies
2. what were the financial risks that the investment exposed the organisation to?
interest rate risk
counterparty risk
foreign exchange risk
3. how could this have been prevented or better managed?
by investing in authorised institutions only
better research into the broker and investment options
Organisational structure - example
Quiz. ASX principles
Which of the ASX Principles are mandatory for listed Australian companies?
none
Principle 7
all principles
they are not actually mandatory even for listed companies - but there is an "if not, why not?" approach to the adoption of these corporate governance principles
Quiz. Mandate of a risk committee
Which of the following would least likely be considered by a risk committee?
recommending risk management policies and guidelines
reviewing exposures relating to the funding and liquidity risk
setting senior management remuneration and performance targets
assessing and reviewing current and future market conditions
8.4. Governance framework for financial risk management
FRM Policy
- framework
how risks are measured
how risks are to be managed
- authorities (and delegations)
approval limits
segregation of duties
- authorised financial instruments
borrowings and investments
derivatives and hedging instruments
- performance measures
- reporting requirements
Risk register
Significant financial risks and related controls
GK is a corn farming and processing operation located in Western Australia.
GK has three sources of income:
GK sells the majority of its corn to Australian supermarkets in the form of canned corn. After harvesting, GK processes and cans the corn and arranges for it to be delivered to the supermarkets' central distribution warehouse
in addition to locally sold canned corn, GK also exports canned corn to customers in NZ, the US and China
GK sells any surplus corn cobs that could not be canned to wholesale buyers for sale at farmers' markets
as at 30 June 2016 GK had current assets worth $1.3 m, current liabilities of $1.1 m and long-term borrowings of $800,000
What are the most significant risks that the board of GK should be aware of?
Key controls over financial risks?
- liquidity: do the customers pay quickly? enough cash to pay suppliers? current ratio of 1.18 (1.3m / 1.1m)
cash flow forecasts
maintaining cash buffers
offsetting cash and overdrafts
debtor management policy
- funding: $800k in long-term borrowings - able to rollover?
maintaining credit rating
preparing long-term forecasts
monitoring funding facilities
diversifying funding sources/maturities
- interest rate: long-term borrowings on floating rates or fixed?
diversified maturity profile
hedge targets and ranges
sensitivity analysis
authorised hedge instruments
- foreign exchange: exporting to overseas markets - affected by the value of the AUD
exposure limits
hedge targets and ranges
sensitivity analysis
authorised hedge instruments
- commodity price: corn prices rise and fall - locked in?
exposure limits
hedge targets and ranges
sensitivity analysis
authorised hedge instruments
- credit: are sales paid in advance or cash sales, or on credit? majority of sales are to supermarkets
approved counter-parties
minimum credit rating criteria
exposure limits
diversifying counter-parties
- operational: cash collection processes, internal controls in payments function
proper record keeping
strong policies and procedures
internal control framework
high-quality staff plus training
8.5. Internal control framework
Quiz. COSO framework
which of the following is not a component of the COSO cube for internal controls?
risk assessment
control activities
monitoring activities
accounting principles
control environment
Purpose of internal controls
to assist in the achievement of organisational objectives:
effectiveness in operations
efficiency in operations
reliability of financial reporting
compliance with laws/regulations
8.6. Operational risks
Stationery Pty Ltd is a small company owned by Sam.
The primary business is the sale of stationery. The company has not been very profitable and Sam is concerned that this might be related to poor internal controls within the company. He has approached you for assistance in this regard.
Previously, Sam never bothered with internal controls as there are only five full time employees and Sam was of the opinion that investing in internal controls would be a waste of money.
Identify the weaknesses evident from the below case study on Stationery Pty Ltd.
Provide recommendations for improvement.
8.7. Controlling financial risks
Quiz. Financial statement assertions
Which of the following assertions does not relate to fixed assets?
rights
existence
valuation
obligation
Assets are the rights of the entity.
Liabilities are the obligations of the entity
Risks and assertions (errors)
Types of internal controls
prevent - policies, procedures, supervision, access restrictions
detect - reviews, reconciliations, verifications
correct - reporting breaches, changing authorisations
Example of controls - general v application
what are the general and application (input, processing, output) controls that apply when you visit an ATM?
general IT controls are controls, policies and procedures that relate to many applications and support the effective functioning of application controls
network protection and information security policy
bank card
access PIN - numbers only
pre-existing options
standard screen layout
limit restriction
receipt (output)
counting cash
Quiz. Segregation of duties
which of the following tasks would most likely be performed in a back office function?
buying hedging instruments
monitoring credit exposures
processing deal settlements and invoicing
front - deal execution, logging terms
middle - capturing, monitoring, assessing positions
back - deal confirmation, settlement, accounting, invoicing
Attributes of derivative controls - documentation
8.8. Financial risk management policy
Example:
authorities
financial condition
protection of assets
cash management
cash disbursement and cash handling
cash expenditure assessment
risk management (interest rate risk, counterparty risk, bank reconciliation)
monthly/quarterly reporting
government - treasury management guidelines