安永—管理财务风险

EXECUTIVEINSIGHTManagingFinancialRiskAChecklistforBoardMembers!@#1MANAGINGFINANCIALRISK:ACHECKLISTFORBOARDMEMBERSInrecentyears,therehasbeenmuchpublicityaboutthelossesassociatedwithderivativeinstrumentsandotherfinancialtransactions.Theseincidentshighlighttheneedtomoreclearlydefinetheroleofboardsofdirectorsinthecorporategovernanceandoversightarea.However,inmanyofthesesituations,boardmem-bersmightnothavebeensufficientlyawareoftheintricaciesofthetransactionstovoiceaninformedopinionontheirappropriateness.Byfollowingtwogeneralguidelines,companieswillpropelthemselvesfurtheralongthanmanyaretoday:1.Recognizethedistinctionintheuseoftheterm“oversight”ratherthan“controls.”Insomewell-publicizedinstances,companiesdidhavepoliciesandproceduresinplacethatprohibitedtheactionsthatcausedthelosses,yettransactionswereexecuteddespitethesepolicies.Companiesmustrecognizethatitisnotenoughtohavedocumentationdeclaringcertainactivitiesunac-ceptable;rather,theymustalsohaveanoversightprocessinplacetoensuretheeffectivenessofinternalcontrolsandtheenforcementofthepoli-ciesandprocedures.Inshort,theyneedasystemofchecksandbalancesthatcanensurethatunau-thorizedactivitiesdonotandcannotoccur.2.Developconsistentmeasuresforcompany-widerisk.It’snotpossibleorpracticalforeachboardmembertohavedetailedknowledgeofallaspectsofcomplexfinancialtransactions;norisitwisetoeliminatetheirusesimplybecausethisknowledgelevelisabsent.Rather,measuresofpotentialriskcausedbytransactionsandunder-lyingbusinessexposuresmustbeprovidedtoseniormanagementandtheboardtoallowanassessmentofwhetherthislevelofriskisappropriateforthecompanyanditsobjectives.ResponsibilityoftheBoardTheSarbanes-OxleyActformalizestheimportantrolethattheboardmustplayintherisk-managementprocess.Theboard’sresponsibilityistooverseeaninfrastructurethatcandefine,analyze,measure,andreportontheeffectivecontrolofriskinherentinthecompany’sunderlyingfinancialactivitiesandtheinstrumentsusedtomanagerisk.Theoutputofthisinfrastructuremustbesynthesizedintoclearlydefinedandunderstoodmeasuresthattheboardcanevaluateand,ifnecessary,imposeitsoversight.Themethodologynecessarytodevelopthisinfrastructureiswheretheresponsibilityoftheboardtakesongreaterdimensions.IfitfeelsitlackstheexpertisetoToincreaseprofitabilitywhilemanagingriskintoday’sbusinessandregulatoryenvironment,allcompaniesmustdevelopformalcontrolandoversightproceduresatthemostseniorlevels.2analyzetheunderlyingriskelementsitself,itshouldconsidergoingoutsidethecompanytofindquali-fied,objectivesourcesofassistance.Board-levelriskdefinitioneffortsshouldincludethedevelopmentofacustomizedmeasurement,eval-uation,andreportingprocessthatfitsthecompany’s:◗Risktolerances◗Levelofcomplexity◗Viewofmateriality◗Degreeofcentralizationordecentralization◗DesiredlevelofdetailTheboardmustdesignaniterativeprocessandevolvetoabestpracticesapproach,meetingtheneedsofthecompanywhiletakingintoaccountitsownlimitations.Inadditiontoestablishingariskmeasurementandreportingprocess,theauditcommitteeshouldensurethatmanagement,workingwithinternalandexternalauditorsasappropriate,hasaformalandstructuredprocesstoperiodicallyassesstheinternalcontrolframeworkanditseffectiveness.Thisshouldincludedocumentationofprocessesandcontrols,aswellasperiodictestingtovalidatecompliance.Finally,thefinanceorsimilarboardcommitteeshouldmonitorfinancialtransactionsandrisk-managementperfor-mance,particularlywheredebtandinvestmenttrans-actionsareinvolved.Togainabetterunderstandingofthelevelofdetailbehindthetwogeneralguidelinesmentionedabove,weoffertheboard-levelchecklist.Whilenotall-inclusive,it’sagoodstartandwillsetthecompany’sthoughtprocessmovingforwardontheseissues.3Board-LevelChecklistForFinancialRiskManagement■■Doyouhaveawrittenrisk-managementpolicythatincludesaclearlydefinedanddetailedimplementationstrategyapprovedbytheproperlevelsofmanagement?■■Doestherisk-managementpolicyidentifythetypesoffinancialexposuresfacingthecompanyandwhichexposureswillbemanaged?■■Doesthepolicyclearlydefinetheunderlyingbusinessrationaleforthethecompany’sderivativeuse,ordoesitleaveopenthepossibilityofspeculativetransactions?■■Doesthepolicydefinethecompany’srisklimitsanddetailhowtheywillbemeasured(e.g.,scenarioanalysis,value-at-risk)andmonitoredonaperiodicbasis?■■Doesthepolicyincludeapprovallevelsforvariousdollarlevelsandtypesoftransactions?Ifanyofthosetransactionsarecomplexorleveragedinstruments,doestheapprovallevelcovertheirriskprofileorjusttheirsimplefacevalue?■■Isthereclearreportingtoseniormanagementofthepotentialmarket,credit,andliquidityriskduetorisk-managementactivities,anddothesemeasuresalsoseparatelyindicateandmeasuretheunderlyingbusinessrisksbeingmanaged?■■Aretherisk-managementobjectives,policies,strategies,andrisksclearlydisclosedintheexternalreporting(e.g.,annualreport,10K,etc.)?■■Isthereanoversightfunctiontoensurethatpoliciesandproceduresarebeingimplementedproperlyandrisklimitsarecompliedwith?Doessomeoneotherthantheindividualsinvolvedinthederivativeinstrumentselectionandexecutionheadandsupervisethisfunction?MANAGINGFINANCIALRISK:ACHEC