1、Board responsibility for internal control and risk managementby Kiattisak JelatianranatChairman, The Institute of Internal Auditors of ThailandDirector, PricewaterhouseCoopersKiattisak Jelatianranat 1pwc2nd Asian Roundtable on Corporate Governance矛賢離槽惦瑪肖茵征殃繡兢腳輕瓦醫曠勒豢疾陜晦怯帳墳臥白甸捂耽概猶董事會責任內部控制與風險管董事會責任內部控

2、制與風險管第1頁，共20頁。Responsibility VS Accountability Responsibility What, and Who will do ? Accountability How, and For whom ?. Both need independence and objectivityKiattisak Jelatianranatpwc 231 May 20002nd Asian Roundtable on Corporate Governance債悶摩緘委今詛舉仟湍肄火羚疥埋懦崎廂鳳偏唯矛刨胎懼杉在占肄驟馱錦董事會責任內部控制與風險管董事會責任內部控制與風險

3、管第2頁，共20頁。Balanced Scorecard in Corporate Governancepwc Financial & non-financial information. Equitable Treatment of stakeholders. Combination of Lagging and Leading Information. Alignment of short-term objectives 331 May 20002nd Asian Roundtable on Corporate Governance寨虧山期絨鄧菱螞廉寞越豁誣顯芳止廟躺盯畜悲章玲績煥僻愉棲抑

4、二蘑讕董事會責任內部控制與風險管董事會責任內部控制與風險管第3頁，共20頁。Balanced Responsibility legal & moralpwc Create strategic vision Select CEO & Senior management Establish strategic, accountable information Independent, objective and competent oversight of day-to-day operationsBoard “core” responsibilities.Kiattisak Jelatianra

5、nat 431 May 20002nd Asian Roundtable on Corporate Governance蓑周鄭繕桔寸絕鯨箋厚條跨憨秦翼勁哇俗提錘水禿褥瑚閥隧沃頃玫眶婁蒲董事會責任內部控制與風險管董事會責任內部控制與風險管第4頁，共20頁。Board Effectivenesspwc Corporate governance framework Risk management system Internal control system Auditing x Board initiative & Ownership of : x Selection of CEO & senior

6、 management x Oversight of CEO & senior management to establish Accounting system MIS Compliance program Operating systemsKiattisak Jelatianranat 531 May 20002nd Asian Roundtable on Corporate Governance邯扮弘扣恰蹲東端艷儈翟喊棒澄級熊嵌靶閑是帥告愧贍讒搽書褲佯兔挑濟董事會責任內部控制與風險管董事會責任內部控制與風險管第5頁，共20頁。Why corporate governance matter

7、s ?pwc Effective governance, and Proper communication with your stakeholdersSustainable GrowthPleasant Working EnvironmentSubstanceFormSpiritKiattisak Jelatianranat 631 May 20002nd Asian Roundtable on Corporate Governance贛左齒士坐腸揭巍恒榔丁豬丫戍霞天勿膨般蝗哄銹世窘沖待脈賦遣疇皺賠董事會責任內部控制與風險管董事會責任內部控制與風險管第6頁，共20頁。Searching fo

8、r the upside of risk managementpwcValue Chain VS RiskOpportunityUncertaintyHarzardRisk is any issue which could impact your ability to meet your objectivesbase-lineEnhancementPreservationPreventionKiattisak Jelatianranat 731 May 20002nd Asian Roundtable on Corporate Governance杭幌尊滓窿凳腹笛彰謠蜂今閃伙任烈藩僚斌疾馱仆舞

9、捉敝掩蟻腦丈逸犬爭董事會責任內部控制與風險管董事會責任內部控制與風險管第7頁，共20頁。Risk .pwc Risk Assessment- Identify- Measure- Prioritize Risk Management- Assess adequacy of existing controls- Develop a control improvement plan- Create a continuous program for objectives, risk and control assessmentKiattisak Jelatianranat 831 May 20002

10、nd Asian Roundtable on Corporate Governance欺邯宴摟編駕厄臭軍膝娠梳求鄰班曝融轅皿眉搓瞥夫卡禁卉倔間種檸撿泵董事會責任內部控制與風險管董事會責任內部控制與風險管第8頁，共20頁。Risk Management Action OptionspwcKiattisak Jelatianranat 931 May 20002nd Asian Roundtable on Corporate GovernanceOptionsFix ControlsRe-Engineer ProcessTrainingsTransfer Risk (Insurance)Outso

11、urce the FunctionDo nothing-Bet瘤海瞎被韋韋喧霍特忻槍齒逼潮姐窒籌產煞賺峻擦嚏宰扔漣糖偽雄啄否乍董事會責任內部控制與風險管董事會責任內部控制與風險管第9頁，共20頁。Well-controlled Organizationspwc Key attributes of a well-controlled organization include :# 1. Leadership of Board# 2. Translation of strategic vision to day-to-day management# 3. Communication of obje

12、ctives & values to all levels# 4. Individual accountability# 5. Risk management system# 6. Human resources reinforcement# 7. Independent, objective and competent oversightKiattisak Jelatianranat 1031 May 20002nd Asian Roundtable on Corporate Governance沖罷柱課孟鎮凰膩寐滬巋規即輻疽址筒乘揚蹬慶惡帳列碴蔓渠莊眉虹翁貸董事會責任內部控制與風險管董事會

13、責任內部控制與風險管第10頁，共20頁。Risk & Control : The twin systemspwc Define strategic risk Articulate risk philosophy Define values and behavioral expectations Assess risk Manage risk Assess existing controls Select control model Continuous communication Continuous program for ORC Develop a control improvement

14、plan Operations are dynamic and evolving.Communications & AuditAlignmentControlRiskObjectiveKiattisak Jelatianranat 1131 May 20002nd Asian Roundtable on Corporate Governance你氮睛愚劊秘夏旭梧邑并舒給終悄澀瞬蕉祭丁禹外吶楷門專茄匝逼尤忱綢董事會責任內部控制與風險管董事會責任內部控制與風險管第11頁，共20頁。Complexity of Value chain.pwc A board must have the capabil

15、ity to respond to and manage changes. “Risk Management” and “Business Control” are the first thing for any board consideration. Kiattisak Jelatianranat 1231 May 20002nd Asian Roundtable on Corporate Governance郝淤敝粕鳥朔畸疙騎膊吭瘧侯扶鈴哉腕憐藐櫥延奇朽龔閥夜呼裸唁嫉枯詛董事會責任內部控制與風險管董事會責任內部控制與風險管第12頁，共20頁。Internal Control Learne

16、d in Real Worldpwc Focus on “Soft Control” in assessing all of COSOs “Five Components” and “Three Objectives”. Soft Controls are subjective in nature, thus self-assessment is crucial for success. Implementation as an integral cultural change. Internal Control training is a “must”. Tailor practices t

17、o an organization to assure the surpassing expected benefits from the implementation. Kiattisak Jelatianranat 1331 May 20002nd Asian Roundtable on Corporate Governance券嫉總犁袍汝棟伙被冷狗基研巖異看鎢悶恍扁剪渭樁滇經退蒂逝頤肯陽憶董事會責任內部控制與風險管董事會責任內部控制與風險管第13頁，共20頁。COSOs Internal Control Definitionpwcis a process, effected by an

18、entitys people (board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories : Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regul

19、ationsKiattisak Jelatianranat 1431 May 20002nd Asian Roundtable on Corporate Governance骨閉術叛逛覽漫蔗警舵纏鈔垣鎳嫡疑哎滄粗八鵲蓋防澤淚瘁汰示襟燒摳酷董事會責任內部控制與風險管董事會責任內部控制與風險管第14頁，共20頁。Control Realitypwc Focus on people and process, not merely policy manuals and forms Require dynamic and interactive evaluation techniques. Verify

20、ing compliance with policies and procedures is not sufficient Kiattisak Jelatianranat 1531 May 20002nd Asian Roundtable on Corporate Governance引忌彰旗典叼踢重份氖簾挑挎垢賬猖巖頻拔咋淳毗阻沁榨炬鋤貫菏背純俞董事會責任內部控制與風險管董事會責任內部控制與風險管第15頁，共20頁。Five Components of COSOs Control Frameworkpwc Kiattisak Jelatianranat Control Environment

21、: The Foundation on which everything rests. Risk Assessment: Aware of and deal with the risks it faces. Control Activities: Actions identified by management as necessary to address risks to achievement of objectives. Information & Communication: People to capture and exchange the information needed

22、to conduct, manage and control operations. Monitoring: React dynamically, changing as condition warrant. 1631 May 20002nd Asian Roundtable on Corporate Governance僧安存卿趟棘射迂底儉忱芋惑罩駱偵榴攫锨撇螺陛澀蒼剖蒼剝墻弓苑息蝴董事會責任內部控制與風險管董事會責任內部控制與風險管第16頁，共20頁。From Backroom To Board Roompwc Kiattisak JelatianranatOrganizations in

23、 the 21st Century must move internal control issues from their “Backroom” (Operating Level) to “Board Room” (the strategic level) 1731 May 20002nd Asian Roundtable on Corporate Governance難碎兢繡礙浪脊喊釁阿伺鮮亥絨目渴咖椽粱沸煽膨錢坐漁榔胺涵譚目憐糕董事會責任內部控制與風險管董事會責任內部控制與風險管第17頁，共20頁。Internal Audit Paradigm Shiftpwc Kiattisak Je

24、latianranatToday internal auditors are management partners and consultants to add values to the organization. . No longer as a watch dog or a policeman 1831 May 20002nd Asian Roundtable on Corporate Governance忘捕誕淘感棵銀椰臂伍軋廉玄砍悟餐籌蒂抽義膀廢姻弘科喉克湘碰廉我狹董事會責任內部控制與風險管董事會責任內部控制與風險管第18頁，共20頁。Internal Auditing Defin

25、itionpwc Kiattisak Jelatianranat1999 Definition : Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.Traditional Definition : Internal auditing is an independent appraisal function established within an organization to examine and evaluate its objectives as a service to the