COSO 2017 KURUMSAL RİSK YÖNETİMİ ÇERÇEVESİNE KONTROL ÖZ DEĞERLENDİRME YAKLAŞIMIYLA BAKIŞ VE BİR KURUM UYGULAMASI-II

Yıl 2019, Sayı: 19, 89 - 100, 14.06.2019

Alptuğ Güler Ali Kasım Arkın

Öz

Dünyadaki sosyal ve teknik değişim hiç olmadığı kadar ivme kazanmış durumdadır. Bu değişime bağlı olarak da belirsizlikler ve riskler hem nicelik, hem de nitelik olarak artmakta, kurumları ve çalışanları kontrol edilemez bir yöne taşımaktadır. Kurumlar, riskleri kontrol edebildiği sürece sürdürülebilirliklerini sağlayabilmektedir. Kontrol Öz Değerlendirme sürdürülebilirlik ve risklere karşı öngörülebilecek kontrol araçlarını geliştirmek için etkin bir bakış açısı sağlamakta ve Kurumsal Risk Yönetimi için sağlam bir zemin oluşturma potansiyeli taşımaktadır. COSO (The Committee of Sponsoring Organizations of the Treadway Commission) 2017 yılında mevcut çerçevesini güncelleyerek Kurumsal Risk Yönetiminin kurumun tüm süreçlerine entegre edilmesinin önemini vurgulamıştır. Bu entegrasyon; örgütün yönetişim, strateji, hedef belirleme ve günlük operasyonlarına ilişkin karar alma süreçlerini iyileştirecek, performansı artıracak ve örgütsel sürdürülebilirliğe katkı sağlayacaktır. Yenilenen COSO çerçevesinin kurum bünyesinde içsellik kazanması için örgütlerin yapması gereken ilk adım, belirsizliklerini ve risklerini tespit etmesidir. Bunun en etkin yolu örgüt bünyesinde bir risk çalıştayı yapıp, çalıştay sonuçlarını Kurumsal Risk Yönetimi için yol haritası yapmaktan geçmektedir.

Bu makalede, Kontrol Öz Değerlendirme yöntemleri ile yenilenen COSO Kurumsal Risk Yönetim Çerçevesi açıklanmış ve Düzce Üniversitesi Risk Evreninin Belirlenmesi Çalıştayı örneğiyle kuruma sağlayacağı katkılar değerlendirilmiştir. Bir vaka analizi olarak Çalıştay, Kontrol Öz Değerlendirmenin kurum genelinde risk-kontrol ve hedef için birfarkındalık oluşturma kapasitesini göstermektedir.

Anahtar Kelimeler

Kurumsal Risk Yönetimi, Kontrol Öz Değerlendirme, COSO KRY 2017 Çerçevesi, Risk Çalıştayı

OVERVIEW THROUGH CONTROL SELF-ASSESSMENT APPROACH TO COSO 2017 ENTERPRISE RISK MANAGEMENT FRAMEWORK AND APPLICATION OF AN ORGANIZATION-II

Öz

Social and technical change in the world has gained more momentum than ever before. Due to this change, uncertainties and risks increase in both quantity and quality and carry the institutions and employees to an uncontrollable direction. Institutions can ensure their sustainability as long as they can control the risks. Control Self-Assessment provides an effective perspective for developing control tools that can be predicted for sustainability and risks, and has the potential to be a solid ground for enterprise risk management. In 2017, COSO (The Committee of Sponsoring Organizations of the Treadway Commission) updated its existing framework and emphasized the importance of integrating enterprise risk management into all processes of the organization. This integration will improve the decision-making processes of the organization’s governance, strategy, goal setting and daily operations, improve performance and contribute to organizational sustainability. The first step that organizations need to make for the internalization of the renewed COSO framework within the organization is to identify the uncertainties and risks. The most effective way to do this is to carry out a risk workshop within the organization and make the results of the workshop a roadmap for enterprise risk management.

In this article, Control Self-Assessment methods and renewed COSO Enterprise Risk Management Framework are explained, and the contributions to be provided to the organization by the example of Düzce University Risk Universe Workshop were evaluated. As a case study, the Workshop demonstrates the capacity of the Control Self-Assessment to establish an awareness for the risk-control and objective across the organization.

Anahtar Kelimeler

Entreprise Risk Managemeent, Risk Workshop, Control Self Assessment, COSO ERM 2017 Framework

Kaynakça

• Abrams C., Von kanel J., Muller S., Pfıtzmann B., ve Ruschka-Taylor S., (2007) “Optimized Enterprise Risk Management”, IBM Systems Journal, 46(2), 219–234.
• Anderson D., (2017, Ekim) “COSO ERM Getting Risk Management Right”, Internal Auditor, 38-43.
• Akçakanat Ö., (2012) “Kurumsal Risk Yönetimi ve Kurumsal Risk Yönetim Süreci”, Süleyman Demirel Üniversitesi Vizyoner Dergisi, 4(7), 30-46.
• Barr P. S., Stımpert J. L. ve Huff A. S., (1992) “Cognitive Change, Strategic Action, and Organizational Renewal” Strategic Management Journal, 13(S1), 15–36.
• Bartlett C. A. ve Ghoshal S., (2002) “Building Competitive Advantage Through People: Human, Not Financial, Capital Must Be The Starting Point and Ongoing Foundation of A Successful Strategy”, MIT Sloan Management Review, 43(2), 34+.
• Beasley M., Pagach D., ve Warr R., (2008) “Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes”, Journal of Accounting, Auditing & Finance, 23(3), 311–332.
• Bhatt G. D. ve Grover V., (2005) “Types of Information Technology Capabilities and Their Role in Competitive Advantage: An Empirical Study”, Journal of Management Information Systems,22(2), 253–277.
• Callahan C. ve Soıleau J., (2017) “Does Enterprise Risk Management Enhance Operating Performance?”, Advances in Accounting, 37, 122-139.
• COSO, (2004) Enterprise Risk Management Framework, http://www.coso.org/documents/COSO_ERM_Execut iveSummary.pdf. Erişim Tarihi: 01.08.2016.
• COSO, (2017) Integrating with Strategy and Performance Executive Summary, https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf Erişim Tarihi: 12.09.2018.
• D’arcy, S. P., (2001) “Enterprise Risk Management”, Journal of Risk Management of Korea. 12(1).
• Davıdson R., Dey A. ve Smıth A., (2015) “Executives’ “OffThe-Job” Behavior, Corporate Culture, and Financial Reporting Risk”, Journal of Financial Economics, 117(1), 5-28.
• Dınu A. M., (2012) “Modern Methods of Risk Identification in Risk Management”, International Journal of Academic Research in Economics and Management Sciences, 1(6), 67-71.
• Dolde W., (1993) “The Trajectory of Corporate Fınancial Risk Management”, Journal of Applied Corporate Finance, 6(3), 33–41.
• Emblemsvåg J. ve Kjølstad L.E. ,(2002) “Strategic Risk Analysis – A Field Version”, Management Decision, 40(9), 842-852.
• ERM, (2018) Applying Enterprise Risk Management to Environmental, Social and Governance-Related Risks, https://www.coso.org/Documents/COSO-WBCSD-Release-New-Draft-Guidance-Printer-friendly.pdf Erişim Tarihi: 11.10.2018.
• Fıtzpatrıck K. R., (1995, Summer) “Ten guidelines for reducing legal risks in crisis management”, Public Relations Quarterly, 40(2), 33-38.
• Flamholtz E., (2001) “Corporate Culture and the Bottom Line”, European Management Journal, 19(3), 268–275.
• Gıunıpero L.C. ve Eltantawy R.H., (2004) “Securing The Upstream Supply Chain: A Risk Management Approach”, International Journal of Physical Distribution & Logistics Management, 34(9), 698-713.
• GLEIM CPA REVIEW, (2018) Updates to Business Environment and Concepts.
• Hallikas J., Karvonen I., Pulkkınen U., Vırolaınen V.M. ve Tuomınen M., (2004) “Risk Management Processes in Supplier Networks”, International Journal of Production Economics, 90(1), 47–58.
• Hamıd A.R.A., Majıd M.Z.A. ve Sıngh, (2008) “Causes of Accidents at Construction Sites”, Malaysian Journal of Civil Engineering, 20(2) : 242 - 259.
• Hubbard L., (2000) Control Self-Assessment A Practical Guide, the IIA.
• Joseph G. ve Engle T., (2005) “The Use of Control Self-Assessment by Independent Auditors”, The CPA Journal, 38-43.
• Kıral H. ve Hatipoğplu İ.İ., (2017) “Risk Yönetiminde Kontrol Öz Değerlendirme Yaklaşımı ve Strateji Geliştirme Birimlerinin Bu Kapsamda Üstlenebilecekleri Roller”, Amme İdaresi Dergisi, 50(4), 115-133.
• KİDDER, (2014) CCSA Sınavı Hazırlık Kursu Notları, Ankara: Kamu İç Denetçiler Derneği.
• Kurt G. ve UYSAL T.U., (2018) “COSO Kurumsal Risk Yönetimi Çerçevesi Güncelleme Projesinin Getirdiği Yenilikler”, Muhasebe ve Denetime Bakış, 54, 19-34.
• Lave L., (1987) “Health and safety risk analyses: information for better decisions”, Science, 236(4799), 291–295.
• Levın A.C., (2008) “Solving the Right Problem: A Strategic Approach to Designing Today’s Workplace”, Building Design Strategy: Using Design to Achieve Key Business Objectives, ed.: LOCKWOOD T. ve WALTON T., New York: Allworth Press.
• Lıebenberg A. P. ve Hoyt R. E., (2003) “The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers”, Risk Management Insurance Review, 6(1), 37–52.
• Lundqvist S. A., (2015) “Why Firms Implement Risk Governance – Stepping Beyond Traditional Risk Management to Enterprise Risk Management”, Journal of Accounting and Public Policy, 34(5), 441–466.
• Lyon B.K. ve Hollcroft B., (2012, Aralık) “Risk assessments: Top 10 pitfalls and tips for improvement”, Professional Safety, 57(12), 28-34.
• Lyon B.K. ve Popov G., (2016, Mart) “The Art of Assessing R i s k”, Professional Safety, 61(3), 40-51.
• Mcnally J., (2007) “Control Self-Assessment: Everybody Pitching in with Internal Controls”, Pennsylvania CPA Journal, 78(3), 33-35.
• Moeller R., (2015) Brink’s Modern Internal Auditing–A Common Body of Knowledge, 8th Edition, New Jersey: John Wiley&Sons.
• Norrman A. ve Jansson U., (2004) “Ericsson’s Proactive Supply Chain Risk Management Approach After a Serious Sub‐Supplier Accident”, International Journal of Physical Distribution & Logistics Management, 34(5), 434–456.
• O’reılly C., (1989) “Corporations, Culture, and Commitment: Motivation and Social Control in Organizations”, California Management Review, 31(4), 9–25.
• Phinicharomma S., (2018) Risk Base Internal Controls & Audit: What’s New under COSO-ERM 2017 Framework?
• Power M., (2005) “The Invention of Operational Risk”, Review of International Political Economy, 12(4), 577-599.
• Power M., (2009) “The Risk Management of Nothing”, Accounting, Organizations and Society, 34(6-7), 849-855.
• Power M., Scheytt T., Soın K. ve Sahlın K., (2011) “Reputational Risk as A Logic of Organising in Late Modernity”, Organisation Studies, 30(2&3), 301–324.
• Prewett, K. ve TerrY, A., (2018) “COSO’s Updated Enterprise Risk Management Framework—A Quest for Depth and Clarity”, Journal of Corporate Accounting & Finance, 29(3), 16-23.
• Sadu I., (2017, Ekim) “Assessing Soft Controls”, Internal Auditor, 57-60.
• Schwenk C. R., (1984) “Cognitive Simplification Processes in Strategic Decision-Making” Strategic Management Journal, 5(2), 111–128.
• Slovıc P., Fınucane M.L., Peters E. ve Macgregor D.G., (2004) “Risk as Analysis and Risk as Feelings: Some Thoughts about Affect, Reason, Risk, and Rationality”, Risk Analysis, 24(2), 311-322.
• Spears J. L. ve Barkı, H., (2010) “User Participation in Information Systems Security Risk Management”, MIS Quarterly, 34(3), 503-522.
• Touam Z., (2016, Aralık) “Control Self-Assessment, Techniques and Strategies”, IA Internal Auditor Middle East, 18-20
• TURNBULL REPORT, (2005) Internal Control - Revised Guidance for Directors on The Combined Code, London:Financial Reporting Council.
• Türedi H. ve Karakaya G., (2015) “COSO İç Kontrol Modeli ve Kontrol Ortamı”, Finans Politik & Ekonomik Yorumlar, 52( 602), 67-76 .
• Woods M., (2009) “A contingency theory perspective on the risk management control system within Birmingham City Council”, Management Accounting Research, 20(1), 69-81.
• Wu D. D. ve Olson D., (2009) “Enterprise Risk Management: a DEA VaR Approach in Vendor Selection”, International Journal of Production Research, 48(16), 4919–4932.