CHAPTER 8

Risk Management and Financial Control

Angela Caldara

VTB Bank Europe

Introduction

A recent newspaper report stated: “Watchdog suspends Eurotunnel shares over late results. Shares in debt-ridden Eurotunnel company were ­suspended yesterday after the Financial Services Authority (FSA) said trading should cease until the Euromoney company posts its delayed annual results.”1

In 26 words, this sentence summarizes most of the risks that a company faces nowadays. Clearly the company in question did not have an adequate team in financial control that really understood risk management.

When we think about risk management, we tend to think about the “boys” on the trading floor and the fund managers sitting in their plush offices in the West End. The former tend to deal in securities, foreign exchange, plain vanilla derivatives, and exotic derivatives, while the latter may be more involved with asset management and hedge funds.

Even if you are not a trader or a fund manager but work in an area that has been brought to the front of risk management, that is financial control, then this is of interest.

Different organizations will structure their finance function in various ways and with various titles, but, for the purpose of this chapter, financial control will include all areas of finance and accounting-related functions. This will include processing all transactions, preparing financial reports for internal and external use, control and coordination over budgets and of general expenditure. All these have connections with financial risk management. In some cases, financial control will interact with other departments involved specifically in risk management. In other cases, financial control will be the risk manager as more dedicated risk management functions may not cover these activities (e.g., expenditure control, taxation, and compliance with statutory and regulatory reporting requirements). Financial control is also able to see the whole picture across the organization and is often in the position to identify both positive and negative between various areas of the business. Often it is the only department that can do this.

The Development of Risk Management Within Financial Control

Developments in risk management and control functions since the Enron scandal have been rapid. Risk management began, in part at least, as an extension of financial control and filled the gaps left by traditional accounting control techniques. Now, risk management has become an important discipline in its own right.

It is important not to forget the role of financial control within risk management and to ensure that the two disciplines communicate and complement each other. The control structure adopted should bear in mind that, while newly developed financial products will suffer the fate that all fashionable products will suffer, a good financial control department will always be indispensable to a company. It is part of the deep and strong foundations of a well-designed company upon which the entire control structure is built.

The Responsibilities of Financial Control

Whenever one looks at a problem, one should go back to first principles. In the case of financial control, this means looking to corporate regulation. We shall use the United Kingdom as an example.

The Companies Act

Companies in the United Kingdom have been regulated for many years under various incarnations of the Companies Act and other regulations such as specific royal charters. It was under the 1862 Act that Salomon and Co. Ltd, for example, was incorporated.

In 1897, the House of Lords, when called upon to decide upon the case of Salomon v. Salomon and Co. Ltd, concluded that “once the formalities of the Act have been complied with, the registered company exists as a legal entity distinct in law from those persons who from time to time are its members.” This is really just an early example of risk management as carried out by Mr. Salomon.

Company law continues to evolve, but some requirements do not change. Companies still have directors and they have duties to comply with, including the duty to provide financial information.

The Companies Act 1985, s. 227, states that directors have the ­following duties.

  • In the case of every company, the directors shall in respect of each accounting reference period of the company prepare a profit and loss account for the financial year; and
  • The directors shall prepare a balance sheet as at the last day of the financial year.

Companies House reminds directors of these duties by sending the company a copy of the “accounts reminder notice” each year, and highlights:

Parliament will soon shorten delivery times for all companies—please make sure that you know what the delivery deadlines are now, and that you take note of future announcements. Directors risk a criminal record, a fine and disqualification if they do not ensure that documents are delivered on time. In addition, . . . the company itself incurs an automatic financial penalty of up to £1,000 for a private company, and £5,000 for a public company.2

It is fair to say that, in nearly all cases, the responsibility for the production of the yearly accounts is delegated by the directors to the financial control area.

The Financial Services Authority (FSA)

Most companies providing financial services in the United Kingdom are regulated by the FSA. The FSA is responsible for the authorization of financial services companies and it can withdraw its authorization, thus preventing the company in question from going about its daily business.

The FSA has a Handbook of Rules and Guidance that details how the FSA will supervise firms by requiring the firms to engage approved ­persons, by implementing prescribed processes and procedures, and by asking the firms to both pay a fee and submit reporting requirements. These reporting requirements are completed within financial control. ­Failure to comply with these will have serious consequences as these returns are regulatory, not prudential, and effectively are part of the obligations that the firm suffers under the Finance and Markets Act.

London Stock Exchange (LSE)

Many large companies are quoted, so they will also need to comply with the rules of the relevant exchange, for example, the LSE in the United Kingdom. This will apply to all companies, including financial services companies.

The LSE concentrates on four main areas, one of which is to provide a market for the trading of the shares in a company. In 2003, the LSE created the London Equity Derivatives Exchange (EDX London) to deal with the cash and equity derivative markets. To be able to access this market, financial services companies have to become members of EDX London and as such comply with EDX London’s requirements.

The LSE has its own rules and requirements, although many of these will be met through a firm complying with both the Companies Act and FSA requirements. Failure to comply with the LSE’s requirements will result in the shares of the company being suspended from trading. Again, the duty to ensure compliance with these requirements will fall on ­financial control.

The Taxation Authorities

Lastly we should not forget the taxation authorities, for example, Her Majesty’s Revenue and Customs (HMRC) in the United Kingdom. HMRC is responsible for the collection of a variety of taxes including corporation tax (CT) and value added tax (VAT). Responsibility for the preparation of these returns, again, usually resides within the financial control function of the firm. The risks associated with noncompliance with this legislation are also severe.

Having discussed briefly the main external risks impacting upon financial control, we can now look at the internal risks and why financial control is involved in risk management.

Key Current Risk Issues Within Financial Control and How They Are Being Dealt With

These can be summarized under the headings of:

  • the need to record the transactions;
  • the need to control the transactions/flow of funds;
  • the requirement to develop appropriate accounting policies;
  • the regulatory demands of disclosure; and
  • the commonsense review—do the figures make sense?

The role of financial control is summarized by the first two headings, as these are part of the company’s processing and control function. When the recording of the transaction highlights a problem (i.e., a risk crystalizes and income decreases/the cost increases/the loss arises), it is the financial control department that will have to report it, via the monthly management accounts to the board and eventually via the published financial statements to the shareholders. If results are particularly bad and the company is quoted, there will be six-monthly results to be published or profit warnings to be issued.

The financial control department has also a personal interest as, often being the bearer of bad news, it will suffer from the paradox of shooting the messenger. It is always incumbent upon financial control to work transparently with its peers to minimize the risk that inappropriate action may be taken against them.

The need to control the transactions/flow of funds is, in itself, risk management. During the processing of the transaction, financial control may detect errors or anomalies. A proper system that enables such amounts to be promptly identified and dealt with will contribute to effective risk management and therefore significantly reduce the risk.

Examples of these controls are the production of daily profitability figures, daily NOSTRO reconciliations, and regular reconciliations with counterparties. These processes, which are often automated, do have their own inherent risks and this is why there is the need for two or more independent people to be involved in the process.

Different people outside of financial control will be involved in different parts of the transactions, whereas financial control will look at the whole transaction and its risks together. For example, a simple bond holding will involve the purchase of the bond at whatever price agreed by the parties, accrued interest, coupons, regular marking-to-market, and, perhaps, amortization of the premium or discount. The trader may regard the transaction as being complete when the Society for Worldwide Interbank Financial Telecommunication (SWIFT) sends the deal confirmation. There may be input errors, however, which will hopefully be identified by financial control at least by the following day, when preparing the daily profitability report, as the NOSTRO (this being the term used to refer to a bank’s own accounts as opposed to those of the customers) reconciliation will highlight that funds paid or received do not agree with the underlying transaction.

There may be more long-term errors. An incorrect split between purchase price and purchased accrued interest may have no effect on the settlement amount and, therefore, may not be highlighted by the daily profitability report. It may have a major effect, however, on the subsequent recognition of income over the period in which the asset is held, through incorrect amortization and incorrect recognition of the coupon.

We shall now consider the remaining issues: accounting policies, disclosure, and the application of common sense. There is a large body of rules, policies, and regulation that dictates how transactions must be reported for external purposes, some being more prescriptive than others. The basic reason for this is to ensure that outsiders, for example, shareholders and analysts, can look at comparable figures in sets of accounts from different companies. This also applies to regulators and tax authorities.

The first sets of figures produced by financial control are always the management accounts and the accounting policies are first applied here and then fed through to the published accounts. There is no need, however, for this to be the case and it is not uncommon for management accounts, which are often used to allocate profitability between departments, to use different accounting policies. Often, management accounts are also used to calculate the traders’ bonuses and to calculate and monitor the company’s exposure. This will be based on the marking-to-market all of the positions, regardless of whether they are in the trading or available for sale. Some positions, however, may be reported in statutory accounts and may be based on amortization of income and costs.

The International Accounting Standard 39 (IAS 39) requirements do not match economic reality, as seen from the point of view of the traders or the risk managers, and, therefore, there is a tendency to adopt different policies.

IAS 39

IAS 39, the accounting standard covering the recognition and measurement of financial instruments, is difficult and controversial. There are, indeed, two versions of it: the full version and the EU version. The problems have even prompted an intervention by the President of France, almost certainly unique for accounting. In 2003, Chirac wrote a letter to the European Commission President Romano Procli warning of “artificial volatility.”33

The problems include the use/requirement of fair-value accounting (the term used for marking-to-market, as it covers items where there is no market) for many financial instruments, including derivatives, and rules as to when hedge accounting, which is a departure from the normal basis, can be used. One of the main problems or principles has been that the use of fair value may make reported income rather volatile. This may particularly occur if parts of a complex position are accounted for on different bases, for example, fair value for the assets and derivatives, but a cost basis for the liabilities. To account for liabilities using fair value is particularly problematic as it creates the paradox that a decrease in a company’s credit rating can create a gain due to the reduction in price of its liabilities. Therefore, the standard is restrictive on the use of fair value for liabilities.

A further problem is created by the fact that, to qualify for a hedging provision, the hedging instrument has to involve a third party. This has caused problems for groups with intragroup hedges.

Financial instruments will be valued for external reporting purposes depending on the reason why the company held them, that is, the hedging provision being part of the risk strategy. The financial control department needs to know and understand how this aspect of risk management works. If this were not the case, the transaction could be misreported or the results would fluctuate wildly following discovery by the auditors.

Therefore, it is important that the company’s new products or new business procedures include financial control. This is not just so that it can set up the necessary accounts in the various ledgers, but more importantly so that it knows and will advise on how it will be accounted for. This should happen before the transaction takes place because afterward it may be too late to take any corrective action.

Finally, the subject of disclosure has its own risks. How much or how little of the risk management policies should be disclosed and is the analysis correct? A typical set of financial statements is very long and complex. A disclosure checklist, as used by the accounting firms, may run to several hundred pages. These disclosure requirements are likely to increase over time. This is exacerbated through the development of a management commentary, a generic term coined by the IAS Board (IASB) for the narrative reports, such as the “operating and financial review” originally developed in the United Kingdom, although no longer mandatory, and the “management discussion and analysis report” in the United States and Canada. It is, essentially, a narrative disclosure to complement and explain the financial statements. It will include a discussion of the ­principal risks faced by the company, key performance indicators, and some indication for the future as seen by management. Management commentary is a topic in itself and not for this chapter.

The IASB has issued a discussion document on this topic with a view to eventually issuing a standard, making such a document a requirement for financial reporting. Whatever the outcome, the trend is for increased disclosure. The responsibility for the production of the annual report will rest with financial control, but some sections may be delegated to other specialist areas within the institution.

In the case of the burden imposed by Section 404 of Sarbanes-Oxley, this responsibility is clearly defined as residing with the finance director or the chief financial officer (CFO).

In financial institutions, the CFO will be expected to sign off the financial statements even though the financial controls for the various products are generally to be found within the various business areas.

Types of Solutions Currently Being Applied Will Vary Depending on the Issue

Financial control will try to reduce risk, especially the loss of funds, or liquidity, caused by incorrect expenditure or the loss of income in two basic ways.

  • Setting internal controls, consisting of checks such as division of duties and of level of authorities, to ensure that expenditure only occurs when appropriate and that income is actually received as and when due.
  • Creating budgets/plans against which actual results can be monitored. This is part of the management process as there will be delegated authority and, also, it will hopefully detect errors/anomalies.

These two techniques are so fundamental that they are often taken for granted and their original purpose and relevance forgotten. These internal controls were set in stone before the creation of the new, complex financial instruments and some risks, for example, disaster recovery, cannot be reduced by standard accounting techniques. Nowadays, they have been relegated to a secondary place, after the more fashionable issues. They still have a primary role, however.

The Budget

Everybody is familiar with a budget, or thinks they are. Parts of the budget-setting process, however, may simply be last year plus or minus 10 percent. It is not always appreciated that the budget is actually part of the risk management process. If used properly, it identifies the planned transactions/activities of the entity before they are so far advanced that inappropriate ones cannot be rectified, reversed, or their adverse consequences mitigated. The budget may also enable financial control to become aware of proposed transactions, so that it can review and comment on the accounting consequences (see above).

Unfortunately, budgets do not always contain sufficient information to identify the problems. Budgets may also not always be reviewed by the people within financial control who will actually process or report the transactions. In practice, when financial control reviews the budget, it is often too late to change the accounting.

One of the benefits of IFRS (International Financial Reporting Standards) is that accountants have had to get closer to the business areas, and have been allowed to, in order to identify the issues involved in implementing IFRS. It is important to ensure that finance people are aware of issues and do not just rely on finance coming the other way. By definition, finance is further down the processing line and, by the time financial control becomes aware of a problem through seeing the transactions, it may be already too late.

More “controversial/risky” items can re-reviewed and rechecked. Examples include those decisions that have tax implications, various accounting treatments and/or affect the reputation of the company. This budget will usually deal with administration/overhead expenditure and people therefore ignore it.

Generally, when setting budgets, people will try to reduce expenditure even when additional expenditure is required to reduce risk, for example, the installation of an uninterrupted power supply unit for the computer system. Line managers will often not consider this additional expenditure necessary for the function of the operations and it will be removed or discontinued when financial cuts are made. It is important that financial control and risk management are aware of each other’s requirements when the budget is created and understand the impact on risk management of such budgetary constraints.

The setting up of budgets provides a set of reference points against which actual results are compared. Many errors have been detected this way, but this is dependent on the frequency of reporting. Frequency will vary depending on the risk of the error, the consequences, and the ability to mitigate the loss within a certain timeframe. These controls can vary from spot checks to trend analyses, which, by definition, must be carried out over a period of time.

The budgetary process also includes forecasts, as these look to the future and can identify emerging patterns that enable problems to be identified and rectified prior to their occurrence.

Internal Controls

These are as basic as segregation of duties, the approval processes at the key stages of a transaction, and agreeing supporting documentation. First, there is the movement of goods and services and then the movement of cash. These two flows must match and if they do not then the chances are that an error or some form of inappropriate activity has occurred. The absence or blurring of these two segregated flows and the lack of comparisons are the basis of many specific problems in financial services.

The above techniques do not work very well with complex financial instruments, but as the income of many financial services is made up of fee income and that expenditure is still expenditure, they should not be disregarded.

Issues Non-specific to General Risk Management

By now, it will be apparent that there are a number of issues of risk management of concern to financial control. Many of these will be covered by the general risk management processes, particularly where the function includes some accountants.

Some of these risks, however, may not be covered by general risk management and so run the risk of being forgotten or underestimated. They can have a significant impact on the finances and the reputation of both the company and senior individuals.

It is believed that some of the risks that fall in this category include, among others:

  • financial reporting to external users;
  • treatment of transactions for VAT, corporation tax and/or income tax, or national insurance;
  • reporting for statistical purposes (prudential return);
  • reporting for regulatory purposes; and
  • differences in accounting policies, resulting in incorrect or inappropriate risk or hedging strategies.

These have been described previously. The role of financial ­control, however, is to ensure that these are properly considered by senior management.

Conclusion

We all live in a world of risk. Financial control will have a key part in managing this. While recognizing that finance is only part of the risk environment, it needs to ensure that it is properly covered and that key items are not overlooked. This may require either the reminding or the education of members of the risk management function. In turn, finance needs to become aware of the problems facing the rest of the organization and be aware of their risks. It will need to get out among the business more than it may have done in the past.

1 City A.M., Issue 161, Wednesday May 3, 2006.

2 From: Comp 1 (Rev 04/2003).

3 www.accountancyage.com/accountancyage/features/2153012/ifrs-update-spring-2006-french

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset