Pillars in financial and accounting risk management.
Danescu, Tatiana ; Ducu, Corina-Maria
Abstract: Financial and accounting risk management is a key issue
without which an organization cannot achieve the set goals. Given this
context and the permanent desire to increase performance, we ask the
following question: what are the essential pillars that provide
financial and accounting risk management?
Key words: financial and accounting risk, internal control,
internal audit, risk management, corporate governance
1. INTRODUCTION
Financial and accounting risks are ubiquitous in
organizations' activity. Over time solutions have been sought as to
what constitutes the way in which the organizations' risks can be
controlled in order to remove their adverse effects. In this sense,
different activities have been identified to ensure the compliance with
the requirements imposed by various laws and regulations, as well as the
requirements established by the policies of the respective entities.
Such insurance activities that may be organized under the responsibility
of the corporate governance of an organization have led to internal
control and internal audit. The internal control has been called a
dynamic process that involves all levels of management aiming to obtain
reasonable assurance that the activities of the entity will be
accomplished. Since the internal control that ensures the perfect
operation of an organization is very expensive, and therefore
impractical, the internal control objectives are relative and unabsolute
in what the result of a reasonable assurance is regarded (Danescu,
2011). Therefore, the reform process in organizational management,
particularly that of the public sector organizations, greatly emphasizes
the organization of the internal audit (Mihailescu, 2010).
The internal audit activity, as an independent and objective
activity, ensures an entity about the degree of control over its
operations, whose purpose is "to assess the accuracy and
truthfulness of information, particularly the accounting ones; to ensure
the physical and accounting security of the operations; guarantee the
patrimony; to efficiently judge the effectiveness of the information
system" (Renard, 2003).
Lemant Olivier, claims that "the purpose of internal audit is
not to write reports, but to support the organization, the enterprise in
reaching objectives, even if it implies the performance of a report with
recommendations" (Lemant, 2002).
The French Institute of Internal Auditors believes that internal
auditing within a firm is "an independent activity of assessment
regarding the operational control".
The definition given in the International Standards for the
Professional Practice of Internal Auditing claims that "internal
auditing is an independent business designed to help improve the
effectiveness of risk management, control and governance processes"
(IIA, 1999).
2. RESEARCH METHODOLOGY
The research conducted to reach the established objective focused
on comprehensive documentation in the literature, in the Romanian
regulations applicable in Romania to the organizations that manage
venture capital, in the practice adopted under the responsibility of
those charged with corporate management to collect information for the
analysis of concepts, methods and procedures, which represent an object
of the activities that contribute to managing financial and accounting
risks within various entities. The approach has focused on the internal
control activities, risk management and internal audit. For all these,
the authors have used the description, implicit and explicit
comparisons, activity segregation, activity compilation, analyses upon
the policies and procedures that identify and monitor the financial and
accounting risks imposed or suggested by the regulations applicable in
Romania, and adopted by the option of the entities.
An important place in risk management was taken by the reasons and
the motivations that have been found and the conclusions that we have
formulated and are relevant to the established objective.
3. TRIPARTITE RELATIONSHIP: INTERNAL CONTROL--RISK
MANAGEMENT--INTERNAL AUDIT
The global changes, as well as the existence of a large number of
participants in the economic life of the organizations that manage
venture capital require risk management, in general, and financial and
accounting risk management, in particular, through efficient strategies
of identification, evaluation, treatment and management. The mission
taken on by the organizations becomes more and more difficult in the
context in which the participants at the organizational life have their
own interests that are divergent in many cases, sometimes even
contradictory (Danescu, 2007).
From the undertaken research, we believe that the adoption and
application of such a strategy can not be achieved without the
contribution of internal control, risk management and internal audit.
They describe the practical connection with the interrelated elements
that define a risk management network, whose importance is acknowledged
by the corporate leaders of the organization who can invest in an
important instrument to accomplish the mission of the organization which
manages venture capital.
An important target of corporate governance and management in this
network should be the internal control, mainly the one that focuses on
the constant organizational risks. The organizational activities will be
directed towards the accomplishment of the objectives established in the
organization through proper planning and organization of internal
control. Therefore, we believe that internal control should be primarily
seen as an architectural range of policies which requires the adoption
of applicable procedures that provide information and recommendations
regarding the requirements to be met by all personnel of the
organization in order to conduct the activities in the best conditions
for the proposed objectives. Secondly, we believe that internal control
should be invested in a well-defined hierarchical structure to provide
oversight of how the activities are conducted.
With reference to the internal control objectives we can mention:
the elimination of irregularities and fraud reduction, directing
management towards efficiency, effectiveness and economy; managing
activities that are subject to risks, implementing a culture regarding
the control environment within the entity; being aware of the importance
of the control system for the entity staff.
According to its objectives, internal control is a dynamic process
which must continuously change according to the economic and social
environment tailored to the activities in the organization.
Being permanently available to the management, the internal control
tools and techniques focus on risk management activities, which are
closely monitored through internal audit.
The purpose of internal audit implementation within the
organization is not only to provide reasonable assurance regarding the
compliance with laws, regulations and policies, but also to identify the
risks of the organization, to make recommendations regarding the
adoption of the best risk management solutions, management in general,
and financial and accounting risks, in particular.
The organization of internal control and internal audit is
influenced by the managers' style, by the risks, by the
organizational structure of a company. In Romania, according to the
current legislation, there are implemented risk management processes,
both in the public sector organizations and in other sectors. The
organizations are faced with a multitude of positive and negative,
internal and external risks that can never be fully considered. Risk
management, in particular financial and accounting risk management, is a
process that requires a lot of effort, but it is an essential component
in the success of the entity, helping to increase the added value. Every
manager must face various risk management problems, because, otherwise,
their work will have negative results.
Risk management requires the completion of certain steps, such as
(Ghita, Briciu, 2009):
--risk identification;
This activity aims to detect and record all risks. Once risks have
been identified they must designate people to manage and continuously
monitor those risks.
--risk assessment;
This means to identify and analyze the internal and external
factors that positively or negatively affect the organization's
objectives. Risk assessment should be an ongoing process because they
are constantly changing due to the environmental changes, pursuing new
goals, the emergence of new participants in the organization.
--risk control.
It involves taking the control and other activities in response to
the identified risks.
--risk analysis and reporting carried out in order to identify the
hazards of the audited entity, to prevent, eliminate or minimize them;
the internal control activity evaluation of the audited entity, as well
as management reports.
Both internal control and risk management try to identify and
manage financial and accounting risks in order to eliminate financial
losses and to have a clear image of the accounting system implemented
within the respective entity.
Through the activities they develop, the internal auditors have the
responsibility to monitor the internal control system of an
organization, to recommend policy makers how to maintain risks at an
acceptable level so as to ensure the smooth functioning of the
organization and achieve the established goals.
In this sense, we identify a tripartite relationship between
internal control, internal audit and an organization's risk
management. The relationship internal control--internal audit--risk
management offered through a mutual inter-conditioning in order to
manage risks properly, and also through the specificity of the internal
audit regarding the assessment of the internal control and risk
management processes achieved by the internal audit is presented in
Figure 1.
[FIGURE 1 OMITTED]
4. CONCLUSIONS
As it results from the conducted research, we consider that there
are three essential pillars of risk management within an organization,
especially those of financial and accounting risk management. These
pillars are internal control, risk management and internal audit. The
three pillars are not elements that operate independently, but they are
in a close interdependence which defines a tripartite relationship:
internal control--internal audit--risk management that can be used by an
organization to manage its financial and accounting risks in order to
provide assurance in terms of achieving the declared objectives.
5. REFERENCES
Danescu, T. (2007). Financial Audit--Convergences between Theory
and Practice, Irecson Publishing House, Bucharest, pp. 29-41
Danescu, T. (2011). Internal audit. Course notes, "Petru
Maior" University Publishing House, Targu Mures, pp. 14-26
Ghita, M.; Briciu, S. coord. (2009). Corporate governance and
internal audit, Aeternitas Publishing House, Alba Iulia, pp. 237-258,
processing and adaptation
Lemant, O. (2002). L'audit interne, Editeur E-theque, pp. 12
Mihailescu, I. (2010). Audit and internal control, Independenta
Economica Publishing House, Pitesti, pp. 15
Jacques, R. (2002). Theory and practice of the internal audit,
Editions d'Organisation, Paris, France, translated into Romanian by
a PHARE project, under the coordination of the Department of Public
Finance, Bucharest, 2003, pp 15
*** Professional Standards of Internal Audit
http://www.aair.ro/new4/fisiere/standarde_romana/Standar de_IIA_rom.pdf,
site accessed on 20.03.2011)