会计学外文翻译外文文献英文文献审计风险管理

文献、资料题目：Auditing Risk Man ageme nt:

Fine in Theory but who can do

it In Practice?

文献、资料来源：Intern atio nal Jour nal of Audit ing

文献、资料发表(出版)日期：20066

外文文献：

Auditing Risk Management: Fine in Theory but who can do it in Practice?

This paper investigates risk management structures in organizations and

how these comply with best practice in corporate governance. We carried out an exploratory study (in 2001) of four large public and private sector organizations in the Un ited Kin gdom .In terviews were con ducted with risk man agers and internal auditors to ascerta in the exte nt to which emerg ing structures complied with the Turn bull Guida nee to the Comb ined Code.

We found that structures are in place to deliver a sound system of internal control including risk management. Internal auditors and risk managers are both invoIved but their respective roles are often not sufficiently well to avoid overlaps and gaps. We also found that several of the orga ni zatio ns studied rely on exter nal auditors to con duct the required annual review of risk man ageme nt.

Key words: bus in ess risk assessme nt,Comb ined Code, corporate gover nan ce, disclosure, internal audit, internal con trol, risk assessme nt, risk man ageme nt.

SUMMARY

In the UK risk management has come to the fore in the wake of the Combined Code of best practice in corporate governance (1998,the Combined Code), as expa nded by the Turn bull Guida nee of 1999. From acco un ti ng periods ending on or after 23rd December 2000, UK listed compa nies are required to con duct a review of

their procedures to ensure that any threats to the organization have been systematically identified, carefully evaluated and effectively controlled. They must make a statement to that effect in their annual financial statements. The Combined Code has also influenced statements of good practice in the public sector. Corporate gover nance is thus exte nded to con siderati on of all bus in ess risk—operati on al, finan cial and complianee -which may prevent an organization from achieving its objectives. In other words, internal control must now include risk management. To meet this responsibility, organizations require adapt and combine the expertise of existing internal audit with that of risk management functions and relate the resulting effort to the business and operational needs of the organization.

This exploratory study examines the policies and structures adopted by organisations for identifying, controlling and reporting on risks. Four organisations were studied in 2001, covering the private and public sectors. Internal auditors and risk managers were questioned on their organisations r'isk management policies and the scope of their respective responsibilities. The structures in place and the backgrounds and responsibilities of the various players are discussed. Overall a range of approaches was found and differences between the public and private sector organisations became apparent.

The responses were mapped on to the provisions of the Combined Code and relevant sections of the Turnbull guidance. This revealed areas where procedures were incomplete. While structures were in place to enable the delivery of a sound system of internal control including risk management, overlaps and gaps were apparent in all four of the organisations studied. Further, our mapping reveals that three of the four organisations rely on external auditors to address the issue of independent review. This annual review forms part of the disclosure requirements in annual financial statements in the private and public sectors.

On the basis of our findings in the exploratory study recommendations are made for procedures which enable organisations to comply with all provisions of the Combined Code relating to internal control including risk management.

Historically, internal control systems are seen as the province of accountants, and are reviewed by internal and external auditors. Risk management is a newer field. The term was first coined in the 1950s by large American corporations seeking alternatives to costly or inadequate insurance cover. Although risk management began to develop as a distinct field of