Beruflich Dokumente
Kultur Dokumente
Structure of Presentation
Background to the paper
Cases & methodology
Key findings- similarities & differences
Contingency explanation of variations
Conclusion
Background
Cases
Tesco
RBS
Department of Culture Media &
Sport
Birmingham City Council
Methodology
Contribution to the
Literature
Definitions (1)
Management Control
the process by which managers ensure that resources are
obtained and used effectively and efficiently in the accomplishment
of the organisations objectives. (Anthony, 1965)
Risks
uncertain future events which could influence the achievement of
the organisations strategic, operational and financial objectives.
(IFAC,1999)
Risk Management
process of understanding and managing the risks that the entity is
inevitably subject to in attempting to achieve its corporate
objectives.
(CIMA 2005)
Definitions (2)
Public versus private organisations
Ownership
Source of financial resources
Model of social control ( market v polyarchy)
Power (2004)
Risk management & standardised practices now central to both public & private
sector organisations
Power (2009)
Basic risk management structures are common across all large organisations
(private sector only)
Miller et al (2008)
Collier et al (2006)
Anecdotal evidence that public sector risk management is distinctive & different
Need to shift from rule based compliance to use of critical imagination in risk
management
Mikes (2009)
Key Findings
but
and
Similarities
Perceived role of risk
management
Timing of the
formalisation of systems
Overall methodologies or
models
Risk management tools
ICT support
Control via self
assessment
Differences
Application of the models
and tools
Similarities (1):
Perceived Role of Risk
Management
Tesco
One of the reasons we are a successful company is because of risk management.
RBS
At the end of the day, risk management is nothing other than good husbandry on how
you
drive your business forward.
DCMS
Risk management is concerned with the culture, processes and structures directed
towards the effective management of potential opportunities and threats to the
Department achieving its objectives.
Similarities (2)
Timing of the formalisation of risk management systems:
COSO (1992)
Cadbury Code (1992)
Similarities (3):
Generic Risk Management
Methodologies
Identify
Source
Measure
Mitigate
Monitor
Similarities (4):
SystemTools
Assessment & Evaluation
Likelihood consequences matrices
Traffic lights
Response
Risk registers
Ownership
Escalation of responsibilities
High
Significant
Medium
6, 14
Low
Low
Medium
Significant
High
IMPACT
Similarities (5):
ICT Support
Similarities (6):
Self Assessment
Private Sector
Combined Code, Section C2, p.14
The board should, at least annually, conduct a review of the
effectiveness of the groups system of internal controls and
should
report to shareholders that they have done so. The review
should
cover all material controls, including financial, operational and
compliance controls and risk management system.
Public Sector
Statement of Internal Control standard format (DAO,2003):
For the year ended 31 March 2009, that opinion concluded
that there were no significant control issues arising that
require disclosure in this Statement.
NOTE MAJOR DIFFERENCE IN DETAIL!!!!
Differences (2):
Dependence upon
quantitative tools
Tesco
people do it without
actually knowing they
are doing it, its part of
their accountabilities.
They are held to account.
We monitor things on
such a micro level.
Birmingham
Forms part of the CPA
evaluation and is risk
forms part of individual
performance review at
operational levels.
Divorced
RBS:
Risk management
defined by compliance
with regulatory targets.
Bonus culture separates
remuneration from risk
exposure.
Problem
Contingency
Explanation for
different levels of use
Complexity of Business
Model
Organisational Culture
& Informal Controls
Ouchi (1979) clan controls
Is performance against objectives
high on the agenda and pervasive?
e.g.Tesco slogans; shelf stacker
Is performance measured purely in
financial terms & shareholder value?
Risk champions
Isolated risk function RBS 5 th Floor
Criteria Used to
Evaluate Risk
Management
Two different mindsets:
are we within prescribed risk
boundaries laid down either
externally or internally?
OR
are we achieving the results we
promised
Conclusion
Simons (1991)
Control systems may be diagnostic or
interactive.