Organisational governance and risk management audit
In this assessment, you are asked to conduct a values and risk audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves:
1.
1.
1. Some form of statement about what it does and its commitments. This could be a company or organisational mission statement; or marketing material; or any document in which the organisation defines its commitment to abiding by the law, or certain moral codes, or specific cultural or communal commitments. In other words, anything that articulates what the company/organisation stands for with respect to governance and social responsibility. It might be as generic as saying, as Google does, “do no evil”, or as specific as BHP Billiton’s commitment to observing best practice in land remediation of spent mines;
2. Some level of financial management and accountability. This can be at a very high level for a large company, or very modest in a small family business. Either way, there has to be some level of financial or resource accountability, and some level of responsibility for what the organisation does in the conduct of its activities;
3. A recognised set of risks to the organisation’s well-being, or to the interest of its stakeholders, that are articulated in some way, whether in the form of an organisational risk management strategy, or some other less formal method of assessing and addressing organisational and/or stakeholder risks.
4. A defined set of services or products. That is, the organisation’s outputs – what it offers its client or customers;
5. A customer or client base. There must be some customer or client base for the audit to make sense, and this needs to be identified, namely, who the organisations serves or supplies.
6. Some level of management structure or identifiable managerial accountabilities responsible for organisational governance and risk assessment and management. For our purposes, an anarchic group of people just doing things for the sake of it to help others, or themselves, but with no formal structure, is not a suitable subject for this exercise. There must be some specific roles and accountabilities, even if poorly defined.
What you are asked to do is to conduct a mini-audit of the organisation that describes the above elements, analyses how well and appropriately the organisation manages its stated governance and risk management commitments, and provide a set of recommendations on how the organisation may enhance its governance and risk management performance.
Length and/ or format: 3000 words
Purpose: To assess your ability to apply concepts and practices relating to corporate governance and risk management to actual organizations.
This note is a reminder that the major Assessment for this unit, Assessment 3, is worth 50% of the total unit mark, and requires you to do some advance planning and preparation. I know that you are immersed in addressing Assessment 2. However, Assessment 3 is very hard to do in just a couple of weeks. It requires considerable time, reading, investigation and especially reflective thinking about you chosen case study.
In Assessment 3, you are asked to conduct a values commitment and risk management audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves:
1 Some form of statement about what it does and its governance commitments. This could be a company or organisational mission statement; or marketing material; or any document in which the organisation defines its commitment to abiding by the law, or certain moral codes, or specific cultural or communal commitments. In other words, anything that articulates what the company/organisation stands for with respect to governance and social responsibility. It might be as generic as saying, as Google does, “do no evil”, or as specific as BHP Billiton’s commitment to observing best practice in land remediation of spent mines;
2 Some level of financial management and accountability. This can be at a very high level for a large company, or very modest in a small family business. Either way, there has to be some level of financial or resource accountability, and some level of responsibility for what the organisation does in the conduct of its activities;
3 A defined set of services or products. That is, the organisation’s outputs – what it offers its client or customers;
4 A customer or client base. There must be some customer or client base for the audit to make sense, and this needs to be identified, namely, who the organisations serves or supplies.
5 Some level of management structure or identifiable managerial accountabilities. For our purposes, an anarchic group of people just doing things for the sake of it to help others, or themselves, but with no formal structure, is not a suitable subject for this exercise. There must be some specific roles and accountabilities, even if poorly defined.
Note: you are NOT expected to conduct a full audit with detailed interviews and in-depth analyses of organizational documents.
What you are asked to do is a ‘mini-audit’ in which you select an organisation and:
1 Give an overview of the organisation – what it does and how it promotes itself to its shareholder (where relevant) and stakeholders, through official documents, policies, procedures, and advertising. Provide evidence in the form of attachments, but only important documents, or selections that make your point. Don’t go overboard with attachments and evidence; just enough to make your point, and no more.
2 Clearly state the ‘advertised’ values of the organisation – what it says it stands for. Where these are unclear, try to tease them out.
3 Describe the processes the organisation has in place that promote, monitor, review, action its value commitments and manage risk. Again, you can’t do everything, so be selective. In your general overview of the organisation’s value commitments, you can state that the organisation is committed to x, y and z, but focus only on z, for example. In other words, don’t be too ambitious. You don’t have much time to complete what could be quite a detailed exercise. So focus on something that is representative of the company’s values commitment (or otherwise!).
4 Review the history of the organisation over the recent past, say, 5 years. You don’t have to be rigid about this. If 10 years is a more appropriate frame of reference, then that’s fine. What you are looking for here is the extent to which the company has been true to its commitments. What evidence can you find one way or another? Remember, corporate governance and/or CSR undertakings are major value commitments of an organisation, and are absolutely central to this assessment.
5 If possible, interview a few key stakeholders for their views. This is not always possible, but may be very relevant in some circumstances. This is up to you. You do NOT have to interview anyone. But if you can, and if it is relevant, then this would be a good way to get more data on the organisation’s fulfilment or otherwise of its value commitments.
6 Draw some conclusions about the company’s integrity (more on this below) and view of risk and how it is to be managed. In other words, discuss what you have found. No need to be definitive, since this is only a mini-audit. But it can be indicative, and serve as the preliminary study for a much deeper investigation. In other words, this is ‘audit lite’, so to speak, in which you do a fairly quick and succinct review of an organisation to see if there is anything that would lead you to look more deeply.
7 You need to be specific about the things you find that indicate organisational integrity, and those that indicate organisational hypocrisy. You are not asked to solve the problems you find, but once you have identified key issues, discuss them in light of the key issues covered in the unit.
8 You do not have to provide heavy academic referencing, but where possible, draw on examples from the readings and unit guide, and any other sources that you believe to be relevant. Again, no need to go overboard. Just cite those sources and references that you have actually used; not a long list for the sake of impressing the marker – the opposite will be the case. You will get good marks for authenticity and sound analysis.
There is no specific template for the audit, because we wish to see what you come up with as an appropriate format for the sort of organisation you are auditing.
In this assessment, you are asked to conduct a values and risk audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves:
1.
1.
1. Some form of statement about what it does and its commitments. This could be a company or organisational mission statement; or marketing material; or any document in which the organisation defines its commitment to abiding by the law, or certain moral codes, or specific cultural or communal commitments. In other words, anything that articulates what the company/organisation stands for with respect to governance and social responsibility. It might be as generic as saying, as Google does, “do no evil”, or as specific as BHP Billiton’s commitment to observing best practice in land remediation of spent mines;
2. Some level of financial management and accountability. This can be at a very high level for a large company, or very modest in a small family business. Either way, there has to be some level of financial or resource accountability, and some level of responsibility for what the organisation does in the conduct of its activities;
3. A recognised set of risks to the organisation’s well-being, or to the interest of its stakeholders, that are articulated in some way, whether in the form of an organisational risk management strategy, or some other less formal method of assessing and addressing organisational and/or stakeholder risks.
4. A defined set of services or products. That is, the organisation’s outputs – what it offers its client or customers;
5. A customer or client base. There must be some customer or client base for the audit to make sense, and this needs to be identified, namely, who the organisations serves or supplies.
6. Some level of management structure or identifiable managerial accountabilities responsible for organisational governance and risk assessment and management. For our purposes, an anarchic group of people just doing things for the sake of it to help others, or themselves, but with no formal structure, is not a suitable subject for this exercise. There must be some specific roles and accountabilities, even if poorly defined.
What you are asked to do is to conduct a mini-audit of the organisation that describes the above elements, analyses how well and appropriately the organisation manages its stated governance and risk management commitments, and provide a set of recommendations on how the organisation may enhance its governance and risk management performance.
Length and/ or format: 3000 words
Purpose: To assess your ability to apply concepts and practices relating to corporate governance and risk management to actual organizations.
This note is a reminder that the major Assessment for this unit, Assessment 3, is worth 50% of the total unit mark, and requires you to do some advance planning and preparation. I know that you are immersed in addressing Assessment 2. However, Assessment 3 is very hard to do in just a couple of weeks. It requires considerable time, reading, investigation and especially reflective thinking about you chosen case study.
In Assessment 3, you are asked to conduct a values commitment and risk management audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves:
1 Some form of statement about what it does and its governance commitments. This could be a company or organisational mission statement; or marketing material; or any document in which the organisation defines its commitment to abiding by the law, or certain moral codes, or specific cultural or communal commitments. In other words, anything that articulates what the company/organisation stands for with respect to governance and social responsibility. It might be as generic as saying, as Google does, “do no evil”, or as specific as BHP Billiton’s commitment to observing best practice in land remediation of spent mines;
2 Some level of financial management and accountability. This can be at a very high level for a large company, or very modest in a small family business. Either way, there has to be some level of financial or resource accountability, and some level of responsibility for what the organisation does in the conduct of its activities;
3 A defined set of services or products. That is, the organisation’s outputs – what it offers its client or customers;
4 A customer or client base. There must be some customer or client base for the audit to make sense, and this needs to be identified, namely, who the organisations serves or supplies.
5 Some level of management structure or identifiable managerial accountabilities. For our purposes, an anarchic group of people just doing things for the sake of it to help others, or themselves, but with no formal structure, is not a suitable subject for this exercise. There must be some specific roles and accountabilities, even if poorly defined.
Note: you are NOT expected to conduct a full audit with detailed interviews and in-depth analyses of organizational documents.
What you are asked to do is a ‘mini-audit’ in which you select an organisation and:
1 Give an overview of the organisation – what it does and how it promotes itself to its shareholder (where relevant) and stakeholders, through official documents, policies, procedures, and advertising. Provide evidence in the form of attachments, but only important documents, or selections that make your point. Don’t go overboard with attachments and evidence; just enough to make your point, and no more.
2 Clearly state the ‘advertised’ values of the organisation – what it says it stands for. Where these are unclear, try to tease them out.
3 Describe the processes the organisation has in place that promote, monitor, review, action its value commitments and manage risk. Again, you can’t do everything, so be selective. In your general overview of the organisation’s value commitments, you can state that the organisation is committed to x, y and z, but focus only on z, for example. In other words, don’t be too ambitious. You don’t have much time to complete what could be quite a detailed exercise. So focus on something that is representative of the company’s values commitment (or otherwise!).
4 Review the history of the organisation over the recent past, say, 5 years. You don’t have to be rigid about this. If 10 years is a more appropriate frame of reference, then that’s fine. What you are looking for here is the extent to which the company has been true to its commitments. What evidence can you find one way or another? Remember, corporate governance and/or CSR undertakings are major value commitments of an organisation, and are absolutely central to this assessment.
5 If possible, interview a few key stakeholders for their views. This is not always possible, but may be very relevant in some circumstances. This is up to you. You do NOT have to interview anyone. But if you can, and if it is relevant, then this would be a good way to get more data on the organisation’s fulfilment or otherwise of its value commitments.
6 Draw some conclusions about the company’s integrity (more on this below) and view of risk and how it is to be managed. In other words, discuss what you have found. No need to be definitive, since this is only a mini-audit. But it can be indicative, and serve as the preliminary study for a much deeper investigation. In other words, this is ‘audit lite’, so to speak, in which you do a fairly quick and succinct review of an organisation to see if there is anything that would lead you to look more deeply.
7 You need to be specific about the things you find that indicate organisational integrity, and those that indicate organisational hypocrisy. You are not asked to solve the problems you find, but once you have identified key issues, discuss them in light of the key issues covered in the unit.
8 You do not have to provide heavy academic referencing, but where possible, draw on examples from the readings and unit guide, and any other sources that you believe to be relevant. Again, no need to go overboard. Just cite those sources and references that you have actually used; not a long list for the sake of impressing the marker – the opposite will be the case. You will get good marks for authenticity and sound analysis.
There is no specific template for the audit, because we wish to see what you come up with as an appropriate format for the sort of organisation you are auditing.
Comments
Post a Comment