Risk based approached to assess internal control over financial reporting

Risk Management

Risk management refers to the management process of how to minimize the adverse effects
that risks may cause in a project or enterprise in a risky environment. Risk management is very
important for modern enterprises.

When companies face market opening, the lifting of laws and regulations, and product
innovation , they all increase the degree of change and volatility, which in turn increases the risk
of operations . Good risk management helps reduce the probability of making mistakes, avoid the
possibility of loss, and relatively increase the added value of the enterprise itself.

Risk management includes risk measurement, evaluation and contingency strategies. The

ideal risk management is a series of prioritization processes, so that the things that can cause the
greatest loss and the most likely occurrence are dealt with first, while the things with relatively
low risks are postponed.

In reality, the optimization process is often difficult to decide, because the risk and the
probability of occurrence are usually not consistent, so we must weigh the proportion of the two
in order to make the most appropriate decision.

Risk management also has to face the problem of effective resource utilization. This
involves opportunity cost (opportunity cost) factors. Using resources for risk management may
reduce the resources that can be used for rewarding activities; and ideal risk management is
hoping to spend the least resources to resolve the biggest crisis as much as possible .

Concept
Risk management is a social organization or individual to reduce the risk of a negative
outcome of the decision-making process, through risk identification , risk estimation , risk
evaluation price , and select the optimal combination of various risk management techniques On
this basis, effective control of risk And properly handle the consequences of the loss caused by
the risk, so as to obtain the greatest safety guarantee at the least cost . The specific content of the
meaning of risk management includes:

1. The object of risk management is risk.

 2. The subject of risk management can be any organization or individual, including
individuals, families, and organizations (including for-profit organizations and non-profit
organizations).

3. The process of risk management includes risk identification, risk estimation, risk

evaluation , selection of risk management techniques, and evaluation of risk management effects.

4. The basic goal of risk management is to obtain the greatest security at the lowest cost.

5. Risk management has become an independent management system and an emerging

discipline .

The specific goals of risk management also need to be linked to the occurrence of risk
events . From another perspective, it can be divided into two types : pre-damage goals and post-
damage goals .

(1) Pre-loss target

① Economic goals. Companies should use the most economical method to prevent

potential losses, that is, before the actual occurrence of the risk accident, the entire risk
management plan, program and measures must be the most economical and reasonable, which
requires the cost of safety plans, insurance and loss prevention technology Perform accurate
analysis.

②Safety status goal. The goal of the security situation is to control the risk within an

acceptable range. Risk managers must make people aware of the existence of risks, rather than
concealing them. This will help people increase their safety awareness, prevent risks, and
actively cooperate with the implementation of risk management plans.

③ Legitimacy goals. Risk managers must pay close attention to various laws and
regulations related to business operations, and review the legality of each business activity and
contract, so as not to cause the company to suffer financial, talent, time, and reputation losses,
and to ensure that the company The legality of production and business activities.

④Fulfill the corporate responsibility goals assigned by the outside world. For example,
government regulations can require companies to install safety facilities to prevent work-related
injuries . Similarly, creditors of a company can require that the collateral for loans must be
insured.
Classification
Risk management is mainly divided into two categories:

Operational management risk management mainly studies the management of risks faced by

all enterprises, such as political, economic, and social changes.

Insurance-based risk management mainly takes insurable risks as the object of risk

management, puts insurance management at the core, and uses safety management as a
supplementary means.

the goal. The specific goals of risk management also need to be linked to the occurrence
of risk events . From another perspective, it can be divided into two types : pre-damage
goals and post-damage goals .

(1) Pre-loss target

① Economic goals. Companies should use the most economical method to prevent

potential losses, that is, before the actual occurrence of the risk accident, the entire risk
management plan, program and measures must be the most economical and reasonable, which
requires the cost of safety plans, insurance and loss prevention technology Perform accurate
analysis.

②Safety status goal. The goal of the security situation is to control the risk within an

acceptable range. Risk managers must make people aware of the existence of risks, rather than
concealing them. This will help people increase their safety awareness, prevent risks, and
actively cooperate with the implementation of risk management plans.

③ Legitimacy goals. Risk managers must pay close attention to various laws and
regulations related to business operations, and review the legality of each business activity and
contract, so as not to cause the company to suffer financial, talent, time, and reputation losses,
and to ensure that the company The legality of production and business activities.

④Fulfill the corporate responsibility goals assigned by the outside world. For example,
government regulations can require companies to install safety facilities to prevent work-related
injuries . Similarly, creditors of a company can require that the collateral for loans must be
insured.

(2) Target after damage

① Survival goal. Once a risk event occurs unfortunately , causing losses to the enterprise,

the most basic and main goal of risk management after the loss is to survive. Achieving this goal
means that through risk management, people have sufficient resilience and disaster relief
capabilities, so that enterprises, individuals, families, and even the entire society can withstand
the blow of losses, and will not be greatly injured by natural disasters or accidents.
Depressed. Achieving the goal of survival is the prerequisite for the subject of disaster risk to
partially resume production or operation within a reasonable period of time after the loss occurs.

②Maintain the continuity goal of the enterprise's production and operation. The occurrence
of risk events has brought different degrees of loss and harm to people, affecting normal
production and business activities and people's normal life. In severe cases, production and life
can be paralyzed. It is particularly important for public utilities, and these units are obliged to
provide uninterrupted services.

③The goal of stable income. Maintaining the continuity of business operations can achieve
the goal of stable income, so that the company's guaranteed special production continues to
grow. For most investors, a company with stable returns is more attractive than a high-risk
company. Stable income means the normal development of the enterprise. In order to achieve the
goal of stable income, the enterprise must increase risk management expenditure.

④ Social responsibility goals. Minimize the negative impact of damage to others and the
entire society as much as possible, because a serious loss that a company suffers will affect the
interests of employees, customers, suppliers, creditors, tax authorities and the entire society. In
order to achieve the above goals, risk managers must identify risks, analyze risks, and choose
appropriate methods and measures to deal with risk losses .

The determination of risk management objectives generally needs to meet the following

basic requirements:

(1) The consistency of the risk management objective and the overall objective of the risk
management subject (such as the production enterprise or the owner of the construction project ).

(2) The reality of the goal, that is, the objective possibility of its realization must be fully
considered when determining the goal.

(3) The clarity of the goal, that is, the correct selection and implementation of various
programs, and the objective evaluation of their effects.

(4) The level of the goal, starting from the overall goal, according to the importance of the
goal, distinguish the priority of risk management goals, in order to improve the overall effect of
risk management.
Methods of Risk Assessment Procedures in Internal Control Based on Financial Report

When enterprises conduct risk assessment with financial reporting internal control as the core,
they should focus on the risks related to financial reporting internal control, systematically
collect relevant information, and timely identify, systematically analyze, and evaluate risks
related to the achievement of financial reporting control objectives in business activities.
Reasonably determine the risk response strategy.

The risk assessment of comprehensive risk management mainly goes through four basic
procedures: target setting, risk identification, risk analysis, and risk response. The risk
assessment procedures related to internal control of financial reporting are not substantially
different in concept from the procedures of comprehensive risk management, but specific
assessments The process and methods are clearer, that is, taking full account of the particularity
of internal control of financial reporting, starting from the important subjects of financial
statements, and selecting important processes and business units based on the company's own
situation to complete the risk assessment of internal control construction. The main steps of
financial reporting internal control risk assessment include:

Step 1: Calculate the level of importance of the consolidated financial statements

The determination of the level of materiality usually takes the economic decisions that may
affect the users of the financial statements as the starting point and is determined in accordance
with a certain proportion of a certain financial index. To determine the plan's importance level
and tolerable error, it is necessary to determine the benchmark (date), and determine the
importance level indicators and standards. At the same time, in addition to the level of
importance at the statement level, it is also necessary to consider the level of importance of
various transactions, account balances, and presentation identification levels, which are generally
referred to as tolerable errors.

Step 2: Identify important accounting subjects at the level of consolidated financial statements
Starting from the financial statement level, according to certain standards to identify accounts,
the following elements can be considered in the identification process:

· Accounting subjects are composed of complex components;

· Easy to be manipulated or suffer losses due to errors or fraud;

· The nature of the accounting subjects is special, it is easy to hide errors, and needs more
attention;

· Large transaction volume occurred;

· Involve complex accounting treatments and disclosure requirements;

· Account balance involves subjective judgment;

· There are related party transactions;

· Changes in the external environment (for example, laws and regulations, accounting standards)
or reporting requirements in the current period;

· The possibility of major contingent liabilities caused by operating activities reflected in the
accounting subjects.

Step 3: Identify key business processes and match them with important accounting subjects
A key business process refers to a business process that has a significant impact on a major
account and presentation and related determinations. In the specific work, it is necessary to
identify the key business processes related to the identification that affect each major account
and major presentation, and it is necessary to match the identified key business processes with
important accounting subjects.

Step 4: Identify the coverage area of the business unit

The organizational forms of enterprises are diversified. Whether it is from the perspective of
organizational structure or business distribution, the key business processes are all
complicated. On the basis of confirming the key business process, the organization involved in
the business unit should be sorted out in combination with the business distribution, and the
organization scope of the risk assessment should be determined.

Step 5: Understand the source of potential misstatements and identify related controls
The risk assessment based on financial reports mainly considers the risks related to the
achievement of financial reporting control objectives in the aforementioned key processes. To
identify such risks, you should first restore the current status of management and control of each
key business process, understand the source of potential misstatements and identify related
controls, and carry out risk identification, analysis, and evaluation on this basis.
In summary, the risk in the process of building internal control for financial reporting mainly
refers to the possibility of material misstatement that may lead to important accounting items and
disclosures. Important accounting subjects and disclosures are generated through the business
process/sub-process of the company. If the relevant risks cannot be effectively controlled
through internal control placed in the business process/sub-process, the possibility of
misstatement will increase. Management and auditors must confirm business processes/sub-
processes and conduct risk assessments to assess the scope of internal control in each area

The Purpose of Financial Ratios

Financial ratios are the performance metrics that give you information about the health of your
business. They tell you if your business is as profitable as it should be and whether you have
 enough liquidity to pay your debts. These performance gauges fall into four kinds:
profitability, liquidity, leverage and operations

Measures of Profitability

How profitable is your business? These metrics show profit results at several points on the
income statement:

 Gross profit margin measures the productivity of your manufacturing or services

operations. It is calculated by subtracting the direct labor and material costs of production from
sales.

 Earnings before interest and taxes, EBIT, measures profits after deductions for fixed
expenses but before deductions for interest costs from financing arrangements and taxes. This
ratio shows the profit-producing ability of the business before the expenses from financial
structures and tax planning.

 Net profits are the final results after paying all expenses. This is the figure that most
investors and creditors look at.

Indicators for Liquidity

The primary purpose of the liquidity ratios is to determine the ability of the company to fund
its operations and pay its bills on due dates. These are the most common measures:

 Current ratio is found by dividing current assets by current liabilities. A comfortable

ratio is 2:1. The due dates of current liabilities are fixed while the cash conversion cycle from
inventory to accounts receivable to cash is less than perfect. Thus, a safe ratio is to have more
in current assets than liabilities to allow for disruptions in cash flow.

 Acid test is a stricter test of liquidity than the current ratio. It measures the ability of the
company to pay current debts with only quick assets of cash and current receivables. A ratio of
1:1 means that the company has enough quick assets to pay current liabilities without selling
any long-term assets.

 Working capital is current assets less current liabilities. Companies with positive cash
flows should always have increases in working capital.

Leverage Ratios

While increasing debt will improve the return on equity, it also increases risks. Firms with high
debt levels are less able to weather economic downturns and declines in sales.

 Debt-to-equity is the ratio that lenders will look at when gauging the risks of extending
more credit. They like to see debt-to-equity ratios around or less than 1:1.
 Debt-to-assets indicates the amount of assets financed by debt instead of owner's
equity.

Performance of Operations

Operations must run smoothly and efficiently to earn profits and maintain liquidity. These
metrics are indicators of how well a company turns over its assets in the cash flow cycle:

 Accounts receivable turnover measures the efficiency of a company at collecting

payments from its customers. A company needs to collect its receivables quickly to have cash
for paying bills and purchasing more inventory.

 Inventory turnover is a major focus of management because companies often have large
amounts of money invested in inventory.

What Are the Uses of Financial Ratios?

Now that you know the most important financial ratios, how can they help you run your
business better? Here are several ways:

 Ratios identify problem areas that need attention. For example, a current ratio less than
2:1 should alert you to a potential liquidity problem.

 Comparisons of your company's ratios with industry standards will highlight areas that
need improvement to stay competitive. The method of evaluating the firm's performance over
time with industry benchmarks is known as comparative analysis.

 Depending on your goals, financial ratios can give you more insight for analyzing
results. For instance, if you've just introduced a new product, inventory turnover will receive
special attention.

 Trends from changes in financial ratios could form the foundation for new policies and
strategic planning. A decline in your gross profit margin, as an example, might indicate a need
to change the focus of your product mix or to look for lower prices from other suppliers.

Financial ratios are like the instruments on the dashboard of your car. They tell if the engine,
known as your company, is running smoothly or if something is sputtering and needs attention.
Paying attention to these indicators will help to keep your business on the path to prosperity
and profits.

Techniques of Financial Statement Analysis

Accounting Analysis Tools

Accountants typically prepare four types of financial statements for a business:

 the income statement
 a balance sheet
 a statement of cash flows
 a statement of changes in shareholders' equity

A number of different ratios and financial analysis tools and techniques can be taken from the
financial statements and can give business owners, analysts and creditors a view of the
performance and strength of a company.

These accounting analysis tools cover:

 profits
 liquidity
 activity
 leverage 
 valuation

Balance Sheet Ratios

Ratios calculated using information from the balance sheet, also called liquidity ratios, indicate
the ability of a company to turn its assets into cash. They include current ratios, quick ratios
and leverage ratios.

Income Statement Ratios

Income statement ratios measure profitability. Comparison of these business ratios to those of
similar businesses can reveal the relative strengths or weaknesses.

Cash Flow Ratios

These ratios tend to be favored more by analysts than auditors. They are used to evaluate risk
and can provide a more accurate determination of a company to satisfy its current and future
obligations. Cash flow ratios are useful in highlighting potential problem areas

Conclusion

Every industry different behavior and has parameters which makes them different. All we need
to focus carefully which techniques relevant and approaches for internal control over financial
reporting. Many organization bankrupt due to lack of internal control over financial reporting.
First of all, consider the business nature and see how the ratios changes accordingly,
transparency in financial statement and have strong internal control. Oil industry has different
risk while FMGC has different risk. Furthermore, most common steps for Risk based approached
to assess internal control over financial reporting are Calculate the level of importance of the
consolidated financial statements, Identify important accounting subjects at the level of
consolidated financial statements, Identify key business processes and match them with
important accounting subjects, Identify the coverage area of the business unit, Understand the
source of potential misstatements and identify related controls and carefully focus on profits,
liquidity, activity, leverage and valuation.