RISK AND RISK MANAGEMENT
Risks happen in the normal course of business. They can be heightened in complex environments and unusual circumstances. The ability to respond effectively and in a timely manner to both expected and unanticipated risk is critical to an organization’s success.
Enterprise Risk Management (ERM) is a crucial element of an organization’s strategic and tactical decision-making process and resulting actions. CPA Ontario places a priority on ERM. Here’s how.
ENTERPRISE RISK MANAGEMENT AT CPA ONTARIO
Like many organizations, we are operating in a complex and rapidly changing environment. We face uncertainty, which can affect the implementation of our strategic and business plans. ERM supports the continued success of CPA Ontario by ensuring that we consider the effects of risk in pursuing our objectives. We regularly identify, assess, monitor and manage our risks to ensure that our top risks and emerging risks are considered within our risk appetite framework.
We embrace ERM by maintaining a program and framework that ensures that risk management is an integral part of the organization’s activities and management processes. The ERM program assists all areas of the business in managing risks within its risk appetite by bringing a systematic approach and methodology for evaluating, measuring, monitoring, managing, and reporting risks.
Our ERM framework is guided by the following key principles, under the leadership of the CPA Ontario Council and the Executive Team:
- Governance and Oversight. Ensuring that we have the proper oversight on risk and that we make risk decisions within the framework of the organization’s risk appetite.
- Infrastructure. Embedding the skills, tools and templates to enable risk identification, assessment and management.
- Practices. Applying the ERM process for identifying, assessing, managing, monitoring and reporting key risks.
While Council and the Executive Team each has an important oversight role, employees at all levels in the organization are responsible for managing their day-to-day risks. Key risk management roles and responsibilities for the organization are described below:
- Council: Council oversees the implementation and effectiveness of the organization’s ERM policy and framework, reviews key risks and mitigation strategies, and champions a culture that values the management of risk. Together with management, they also define the organization’s risk appetite, and reviews and approves it annually
- CEO and COO: The CEO and COO act as Executive sponsors of the organization’s ERM framework to govern the organization’s risk profile and oversee management of enterprise-wide risks including key risks. They also champion a culture that instills the management of risk, support the integration of ERM with strategic management, decision making and business activities and processes, and cultivate open communication and transparency about risk and risk-taking expectations
- Executive Team:The Executive Team is accountable for effective management of risks in their respective areas and ensures risk-taking is consistent with the organization’s risk appetite and also support the integration of ERM with strategic management, decision making and business activities and processes
- Risk Owners: Risk owners apply decisions and activities that manage risk to acceptable levels and provide timely and accurate risk management information
- All Employees: All employees manage risks within their functional area and reports emerging risks and changes in risks to management
NON-FINANCIAL RISKS
A risk is an event that creates uncertainty in the achievement of objectives. Risk categories for CPA Ontario other than financial risks include brand and reputation risks, strategic (including regulatory) risks, operational risks, technology risks, and human capital risks. We face risks within these categories and have defined strategies to address them. Here are some risks we identified through our ERM process.
Future of the CPA profession. Like other professions, the accounting profession is experiencing unprecedented change resulting from factors such as new technology like artificial intelligence and machine learning, shifting demographics, evolving socio-economic perspectives and environmental issues. The profession faces risk if CPAs do not maintain the competencies and capabilities needed as the business environment evolves. We are working with the other CPA bodies across the country to plan for the future of the CPA profession and evolve core competencies. This includes updating the CPA Competency Map to enhance the foundation of the CPA certification program and ensure the relevancy of newly qualified CPAs.
CPA brand value proposition. There is risk that some stakeholders, including the public at large, do not perceive the significant value that CPAs bring to organizations across diverse industries. We are engaging in brand-building activities here in Ontario and across the country to enhance the profile of the profession and clearly communicate the value CPAs provide.
Cyber security. CPA Ontario faces the same information security risks that confront all organizations. Cyber risk is constantly evolving and on every organization’s radar given the potential impact whenever this type of risk materializes. CPA Ontario takes steps to protect member and student data from unauthorized access. We continually harden our systems to protect confidential information and reduce the likelihood of IT disruptions. We regularly educate, monitor and test our employees to encourage the use of appropriate cyber security practices. We also follow best-practice security processes, protocols and standards, and hold our third-party service providers and software partners to similarly rigorous security standards.
Technology transformation. CPA Ontario is implementing new IT systems that will modernize our digital footprint and transform foundational capabilities. Enhanced end-to-end online experiences and self-serve functionality will provide better services for all stakeholders. As with all complex IT projects, there are always risks, but we work to ensure that initiatives are appropriately delivered and implemented. We engage with appropriate best-in-class implementation partners and other service partners as well as use robust project management and monitoring as to ensure that initiatives meet their deliverables.
Workplace modernization. CPA Ontario is modernizing its workplace at 69 Bloor Street East to create a technology-enabled workplace of the future. This will protect the value of a key organizational asset, harness new ways of collaborating and provide modern services to our stakeholders. This will also allow us to consolidate our multiple locations as well as attract and retain top talent. This initiative, which includes a move to an interim leased office space over the next three to five years, comes with risk. To mitigate risk in this area, we are drawing on expertise in office planning and design to facilitate these moves and ensure that this multi-year initiative is accomplished smoothly and on budget.
FINANCIAL RISKS
In the normal course of business, CPA Ontario is exposed to certain financial risks. These have the potential to adversely affect our operating and financial performance. The risks associated with CPA Ontario’s financial instruments are: credit, liquidity and market (i.e. currency, interest rate, and other price risk).
CPA Ontario manages financial risks in accordance with internal policies, including our investment policy on managing our funds. The policy’s objectives are to:
- safeguard our assets through prudent and diversified investments; and
- ensure liquidity to meet cash flow requirements
The policy seeks to achieve these objectives by setting parameters for asset quality and for the proportions of fixed income and equity securities in which we invest. Council monitors compliance with the investment policy and reviews the policy on an annual basis to ensure it is relevant.
Given the nature of the organization’s investments, and the constraints imposed by the investment policy, it is management’s opinion that CPA Ontario is not exposed to significant risk in respect of financial instruments.
In addition, CPA Ontario has built a strong balance sheet through prudence in fiscal management. This serves to mitigate against economic contingencies.
CREDIT RISKS
Credit risk refers to the exposure resulting from the possibility that a counter party will fail to perform its obligations, or the exposure arising from a concentration of transactions carried out with the same party, such that CPA Ontario could incur a financial loss. Credit risk associated with accounts receivable is minimized as CPA Ontario’s accounts receivable arise mainly from transactions with many parties such as members, firms and CPA students, other provincial CPA bodies, building tenants, and contracted affinity product suppliers. Credit risk associated with investments is minimized substantially by ensuring that these assets are invested in financial instruments of governments and major corporations that have been accorded investment grade ratings by a primary rating agency and/or other credit-worthy parties.
LIQUIDITY RISKS
Liquidity risk is the risk that CPA Ontario will not be able to meet a demand for cash or fund its obligations as they come due. CPA Ontario meets its liquidity requirements by ensuring sufficient cash and short-term investments are on hand at any given time that can readily be converted to cash to cover any expected and unexpected operating requirements.
CURRENCY RISK
Currency risk refers to the risk that the fair value of financial instruments or future cash flows associated with the instruments will fluctuate relative to the Canadian dollar due to changes in foreign exchange rates. CPA Ontario mitigates the currency risk exposure of its foreign cash, bonds and equities by limiting its currency exposure and investing mostly in Canadian securities.
INTEREST RATE RISK
Interest rate risk arises from fluctuations in interest rates and the degree of volatility of these rates. CPA Ontario is exposed to interest rate risk through holding certain investments, in which changes in interest rates can affect the valuation of the investment and the income received from the investment. CPA Ontario manages the interest rate risk exposure of its investments in guaranteed investment certificates and fixed income investments by using a portfolio with varying terms and maturity dates, which helps to reduce the sensitivity of the portfolio to the impact of interest rate fluctuations while enhancing the average portfolio yield.
OTHER PRICE RISK
Other price risk refers to the risk that the fair value of financial instruments or future cash flows associated with the instruments will fluctuate because of changes in market prices (other than those arising from currency risk or interest rate risk), whether those changes are caused by factors specific to the individual instrument or its issuer or factors affecting all similar instruments traded in the market. CPA Ontario has an investment policy that restricts the types and amounts of its eligible investments and requires dealing with highly rated counterparties. Diversification of investments in different geographic regions and the use of different investment vehicles help to manage price risk and volatility of investment returns.