The Linkage between Risk Management and Internal Controls

Overview

We will look at both risk management and internal controls in detail in later chapters of the book. It is useful at the outset, however, to set out some fundamental points regarding risk and controls and how the two inter-relate. Directors and managers need a good understanding of how this relationship works if their organisations are going to be able to manage fraud risk effectively. My discussions with delegates on the courses suggest that there may be some confusion as to how risk and controls actually relate to each other in practice, particularly for those who are not from a financial or an accounting background.

So, here are five key ideas that directors and managers should always bear in mind when looking at risk and controls:

  • Risk, broadly defined, means uncertainty. In a business context risk equates to “uncertainty of outcome”. If a company knew for certain what was going to happen in the future there would be no risk, but of course this is not possible. Consequently, risk must be managed.
  • Risk should be optimised, rather than minimised. That is to say, every business should be looking to optimise the amount of risk it is prepared to accept in the pursuit of value, with the crucial reference point always being the risk appetite of each individual business. We consider the concept of risk appetite further in Chapter 4. Businesses will never be able to grow or achieve their corporate objectives simply by ...
