This paper present an in depth analysis of the implementation of Control & Risk Self Assessment methodology in a large telecommunication company: the Telecom Italia Group (TIG). A CRSA project was launched in February 2003 following the Board’s wish to adhere to the best international standards in internal control and corporate governance. A participatory strategy was chosen by TIG top management for to the implementation of CRSA, thus giving management a central role in the execution of the initiative (more than 500 first and second level managers were involved) with the responsibility to identify and assess risks, to analyse the existing internal controls and to define and implement action plans aimed at their improvement. This case analyses some of the critical issues , discussed in previous researches and studies, on the relationship between internal control and risk management: the cooperation of risk management and internal auditing in the determination and understanding of strategic risks; the internal auditing as an enabler of the links between strategy definition and risk management; the change of the focus of audit from a post hoc review activity to an interactive contribution to management control systems. According to the perspective of managers, three areas have benefited (or are expected to benefit) from the CRSA initiative. Referring to the area of risk assessment and evaluation of internal controls, CRSA has helped managers at business unit and corporate level to confront their (different) perception on the relevance of risk factors that can undermine company’s objectives and on the effectiveness of existing internal controls. With regard to the area of internal auditing , CRSA has triggered a process of development of professional skills both on technical aspects (like methodologies for risk identification and evaluation) and on the relation management side. A third area of concern is the integration of CRSA with planning and control systems. The TIG experience has also highlighted that CRSA is an effective instrument in bringing management closer to the culture of conscious control and management of risks.
From Internal Auditing to Business Controlling: the Implementation of Control Risk Self Assessment in the Telecom Italia Group,
BOZZOLAN, SAVERIO;
2007
Abstract
This paper present an in depth analysis of the implementation of Control & Risk Self Assessment methodology in a large telecommunication company: the Telecom Italia Group (TIG). A CRSA project was launched in February 2003 following the Board’s wish to adhere to the best international standards in internal control and corporate governance. A participatory strategy was chosen by TIG top management for to the implementation of CRSA, thus giving management a central role in the execution of the initiative (more than 500 first and second level managers were involved) with the responsibility to identify and assess risks, to analyse the existing internal controls and to define and implement action plans aimed at their improvement. This case analyses some of the critical issues , discussed in previous researches and studies, on the relationship between internal control and risk management: the cooperation of risk management and internal auditing in the determination and understanding of strategic risks; the internal auditing as an enabler of the links between strategy definition and risk management; the change of the focus of audit from a post hoc review activity to an interactive contribution to management control systems. According to the perspective of managers, three areas have benefited (or are expected to benefit) from the CRSA initiative. Referring to the area of risk assessment and evaluation of internal controls, CRSA has helped managers at business unit and corporate level to confront their (different) perception on the relevance of risk factors that can undermine company’s objectives and on the effectiveness of existing internal controls. With regard to the area of internal auditing , CRSA has triggered a process of development of professional skills both on technical aspects (like methodologies for risk identification and evaluation) and on the relation management side. A third area of concern is the integration of CRSA with planning and control systems. The TIG experience has also highlighted that CRSA is an effective instrument in bringing management closer to the culture of conscious control and management of risks.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
