pwc
by
Kiattisak Jelatianranat
Chairman, The Institute of Internal Auditors of Thailand
Director, PricewaterhouseCoopers
Kiattisak
Jelatianranat
31 May 2000
2 nd Asian Roundtable on
Corporate Governance
1

pwc
Responsibility VS Accountability
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
2

pwc
Balanced Scorecard in Corporate Governance
3
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

4 pwc
Balanced Responsibility …… legal & moral
Board “core” responsibilities……….
Kiattisak
2 nd Asian Roundtable on
Corporate Governance

pwc
Board Effectiveness x
Board initiative & Ownership of :
• Corporate governance framework
• Risk management system
• Internal control system
• Auditing x
Selection of CEO & senior management x
Oversight of CEO & senior management to establish
• Accounting system
• MIS
• Compliance program
• Operating systems
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
5

pwc
Why corporate governance matters ?
Sustainable
Growth
Pleasant
Working
Environment
Spirit
•
Effective governance, and
• Proper communication with your stakeholders
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
6

pwc
Searching for the upside of risk management
Value Chain VS Risk
Prevention Preservation Enhancement
Opportunity base-line
Uncertainty
7
Harzard
Kiattisak
Jelatianranat
31 May 2000
Risk is any issue which could impact your ability to meet your objectives
2 nd Asian Roundtable on
Corporate Governance

pwc
Risk ………..
•
Risk Assessment
- Identify
- Measure
- Prioritize
•
Risk Management
- Assess adequacy of existing controls
- Develop a control improvement plan
- Create a continuous program for objectives, risk and control assessment
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
8

pwc
Risk Management Action Options
Options
Fix Controls
Re-Engineer
Trainings
Transfer Risk
(Insurance)
Outsource the
Do nothing-Bet
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
9

pwc
Well-controlled Organizations
Key attributes of a well-controlled organization include :
# 1. Leadership of Board
# 2. Translation of strategic vision to day-to-day management
# 3. Communication of objectives & values to all levels
# 4. Individual accountability
# 5. Risk management system
# 6. Human resources reinforcement
# 7. Independent, objective and competent oversight
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
10

pwc
Risk & Control : The twin systems
Objective
• Define strategic risk
• Articulate risk philosophy
• Define values and behavioral expectations
Risk
• Assess risk
• Manage risk
Control
Alignment
• Assess existing controls
• Select control model
• Continuous communication
• Continuous program for ORC
• Develop a control improvement plan
Kiattisak
Jelatianranat
… Operations are dynamic and evolving...
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
11

pwc
Complexity of Value chain……..
• A board must have the capability to respond to and manage changes.
12
• “Risk Management” and “Business Control” are the first thing for any board consideration.
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
Internal Control Learned in Real World
• Focus on “Soft Control” in assessing all of COSO’s
“Five Components” and “Three Objectives”.
• Soft Controls are subjective in nature, thus self-assessment is crucial for success.
• Implementation as an integral cultural change.
• Internal Control training is a “must”.
• Tailor practices to an organization to assure the surpassing expected benefits from the implementation.
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
13

pwc
COSO’s Internal Control Definition is a process
, effected by an entity’s people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories :
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
14
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
Control Reality
• Focus on people and process , not merely policy manuals and forms
• Require dynamic and interactive evaluation techniques.
• Verifying compliance with policies and procedures is not sufficient
15
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
Five Components of COSO’s Control Framework
• Control Environment : The Foundation on which everything rests.
• Risk Assessment : Aware of and deal with the risks it faces.
• Control Activities : Actions identified by management as necessary to address risks to achievement of objectives.
• Information & Communication : People to capture and exchange the information needed to conduct, manage and control operations.
• Monitoring : React dynamically, changing as condition warrant.
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance
16

pwc
From Backroom To Board Room
Organizations in the 21st Century must move internal control issues from their “Backroom” (Operating Level) to “Board
Room” (the strategic level)
17
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
Internal Audit Paradigm Shift
Today internal auditors are management partners and
consultants to add values to the organization.
………. No longer as a watch dog or a policeman
18
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
Internal Auditing Definition
1999
Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Traditional Definition :
Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.
19
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance

pwc
There is no alternative
Toward the new millennium environment :
Board of Directors and senior management have no alternative not to be the leadership and ownership of systems of risk management and internal control
20
Kiattisak
Jelatianranat
31 May 2000 2 nd Asian Roundtable on
Corporate Governance