13 Questions on Risk Management
   Is there a separation of duties between ...


13 Questions on Risk Management

Is there a separation of duties between those who generate financial risks and those who manage and control these risks?

There is no doubt that the process of measuring, monitoring, controlling and reporting risk exposures should be managed separately from those who generate the activities that bring about the risk. It is up to the board to decide how this segregation of duties is achieved. The board should determine whether the firm’s scale and complexity of activities warrant a separate independent risk management (control) person or unit. In a small or medium-sized outfit, this person could be a member of management who is not directly involved in the day-to-day generation of risk or is not profit-responsible for such activities. These independent managers or units should report exposures directly to senior managers and the board.

Senior managers must clearly delineate responsibilities between front- (whoever assumes financial risks for the organisation) and back-office (settlements and accounting) which should always be manned and supervised separately. They must also ensure proper reconciliation of front and back-office databases, for example by appointing a unit (person) independent of the business to verify position data, profit and loss figures and individual transaction details. This reconciliation should be carried out regularly with the frequency depending on the volume of transactions. As a guide, organisations which actively use financial instruments carry out reconciliations daily.

Box 4
Merck cultivates control culture
The board of directors and senior management of Merck have earmarked a robust control system as one of the main ways of assuring that its assets are safeguarded. In its management’s letter in the 1996 annual report, the chairman, president and chief executive officer Raymond Gilmartin and chief financial officer, Judy Lewent write: «To assure that financial information is reliable and assets are safeguarded, management maintains an effective system of internal controls and procedures, important elements of which include careful selection, training and development of operating and financial managers; an organisation that provides appropriate division of responsibility; and communications aimed at assuring that Company policies and procedures are understood throughout the organisation. In establishing internal controls, management weighs the costs of such systems against the benefits it believes such systems will provide. A staff of internal auditors regularly monitors the adequacy and application of internal controls on a world-wide basis.
«To insure that personnel continue to understand the system of internal controls and procedures and policies concerning good and prudent business practices, the Company periodically conducts the Management’s Stewardship Program for key management and financial personnel. This program reinforces the importance and understanding of internal controls by reviewing key corporate policies, procedures and systems.»

vf Continue

Case Studies * 13 Questions on Risk Management