Risks and Control

Session Layout: 

  1. Rationale for Risk management

  2. Key concepts relating to risk

  3. Risk Management Policy

  4. Concept of Internal Controls

  5. Areas for internal controls in an NGO

Why understand risk management 

  1. Risks discussed in NGO-funder relationship, idea is how to understand, capture and manage risks on part of NGOs

  2. Good risk management is (a) basic to an effective organisation and (b) ensures better delivery of services to the community.

  3. Understand risk appetite (willingness to take risk to achieve objectives) and risk tolerance (ability or boundary to take risk) in an organisation. Risk appetite is about “taking risk” and risk tolerance is about “controlling risk”. Risk appetite is at aggregate level while risk tolerance is at activity level.

  4. Risk management is how to bridge the gap between risk appetite and tolerance

  5. Understand acceptable internal controls

Key Concept:

No organisation is completely free from risks. The environment will always contain risks.

Types of risks facing Organisations

Key Concepts

Risk mitigation is risk reduction - it cannot be made zero.

Risk Management Policy - Need

Risk Management Process

  1. Risk universe analysis

  2. Risk identification

  3. Risk assessment-risk assessment matrix based on likelihood and impact of identified risks

  4. Prioritise risks to be taken up for mitigation

  5. Risk Response-Risk Registers with Roles and responsibilities of staff

  6. Monitoring

  7. Reporting

Almost Certain

(5)

Low

Medium

High

High

High

Likely

(4)

Low

Low

Medium

High

High

Possible

(3)

Low

Low

Medium

Medium

High

Unlikely

(2)

Low

Low

Low

Low

Medium

Remote

(1)

Low

Low

Low

Low

Low

⬆️ Probability ⬆️

(1)

(2)

(3)

(4)

(5)

➡️ Consequence ➡️

Insignificant

Minor

Moderate

Major

Catastrophic

[0-8 = Low; 9-14 = Medium; 15-25 = High]

Internal Controls

Business practices that serve as “checks and balances” on internal stakeholders (staff/key functionaries) and/or external stakeholders (vendors) in order to reduce the risk.

Internal controls are mechanisms or procedures or rules to mitigate or reduce the risks and loss to an acceptable level.

Internal Controls are of 3 types:

  1. preventive controls: in place to prevent adverse events

  2. detective controls: detect error/problem after it has occurred- internal audits, Reconciliations, physical inventorying

  3. Corrective controls-based on error detected

Benefits and Limitations of Internal Controls

Benefits

Limitations

Early warning system

Collision

Prevents fraud

Human error

Avoids external audit findings

Unforeseen circumstances

Avoids statutory and regulatory penalties and actions


Key Areas of Internal Controls for Charitable Organisations

1. Internal Controls around Legal compliance

Statutory and regulatory compliance-difference

(Note: Participants, we have studied this in detail in the session on Principles of Grant Accounting and Management)

Types of Expenditure:

Internal Controls around Expenditure:

Expenditure plan aligned with field requirement and project plan Monitoring to prevent misappropriation/excessive spend/fraud Qualified Finance Staff to avoid inaccurate/delay in payments Proper recording of transactions, report and invoices.

Procurement Process.png

Illustrated:

  1. Specify technical specs
  2. Budget for Purchase
  3. Appoint Purchase Team
  4. Research potential suppliers
  5. Solicit Bids
  6. Bid evaluation & vendor selection
  7. Issue Purchase Order
  8. Receipt Inspection of purchase
  9. Invoice approval & payment

Internal Controls around Purchase/Procurement

Controls around HR Management

Controls around Fixed Assets & Inventory

Accounting is the process of recording, summarising, analysing and reporting financial transactions

Area of internal control in accounting:

  1. Compliance with new Rule regarding maintenance of books of accounts

  2. Compliance with new Rule regarding maintenance of Other documents

Accounting Software 

Controls in accounting:

  1. Accuracy

  2. Standard formats for recording

  3. Evidence and supportings

  4. Complete and transparent

  5. Audit

(Note: Participants refer to the session on Grant Accounting and Management for this area of control)


Revision #11
Created 24 April 2024 05:46:52 by Pooja
Updated 4 December 2024 05:45:04 by Pooja