Hallikas et al (2002) provide a conceptual framework for risk analysis in networking for a company and note that to analyse and assess the risks associated with networking, either internal audit or computer aided cause and effect analysis can be used as tools for analysis of risks. Considering these factors, in the study of Cass Business School the key risks in financial and non-financial systems seem to be High and increasing tuition fees, increased competition from other schools, legal actions, and internal conflicts between members. However there is a risk management methodology and the Risk Management University Council has agreed to this risk management process.
For several years the University has scored the relevant risks for each risk management strategy as to impact and likelihood using a defined scale. The control environment around the high-scoring risks has been reviewed.
Question 4
'Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems.
These include:
Reliability and integrity of financial and operational information.
Effectiveness and efficiency of operations.
Safeguarding of assets.
Compliance with laws, regulations, and contracts.
(Standard 2120.A1)
For each risk identified in Question 3, identify the potential impact of control weaknesses and recommend appropriate controls that might reduce the impact of the threat. Give reasons for your recommendations.
Within the Cass Business school management system, the annual report states that risk management Council has agreed to risk management methodology and processes and risks of the University are defined in the methodology. The University has reviewed its corporate risk register and has consolidated risks that have a high impact and likelihood score and has also reviewed the control environment for high scoring risks. The university council receives regular reports on progress of risk management implementation and within each school a risk register exists with each risk scored against a defined scale. There are future School plans to integrate risk reviews in the University’s general management and planning process.
Bainbridge and Paul (1986) have effectively related control objectives with internal audit systems. In case of ineffective internal auditing, with unreliable financial information and flaws in accounting, complete transparency of financial data might help to overcome the weaknesses considerably. In case of inefficiency of operations and control, a strong project management approach and board internal control is suggested. The measurement and appraisal of intangible assets, especially human capital as a key factor of wealth creation is a key objective for improving organisational effectiveness. Safeguarding of company or organisational assets is possible through stakeholder or director support as well as general corporate performance and in this case, the overall annual performance of the school which is required to show financial profits. Compliance with laws and regulations can improve credibility and appropriate company objectives and codes of ethics and practice as well as strict management guidelines should be put forward.