Coso and Basel Essays

Coso and Basel Essays Coso and Basel Essay Coso and Basel Essay Financial Collapses and Regulations New England College of Business In an era of risky investments and failed financial institutions, additional importance is being placed on businesses implementing Enterprise Risk Management (ERM) plans. ERM is defined by the Institute of Internal Auditors (2012) as an approach designed to identify, quantify, respond to, and monitor the consequences of potential events implemented by management. Without an ERM plan, transparency to shareholders and internal accountability are nearly impossible to achieve. COSO and Basel are both reactive frameworks to increased regulatory changes that forced institutions to show more transparency to their financial reporting, in order to manage operational risks, mitigate the likelihood of a collapse, and ensure stability in volatile market conditions (Farnan 2004; Balin 2008); these measures increase confidence in investors. This comparative analysis of COSO and Basel seeks to indentify common measures that are necessary to form a functional ERM plan, the most important being the accountability of management and its communication with the Board (The New Basel Accord 2003). A Comparative Analysis of ERM Guidelines: COSO I/II and Basel I/II Introduction Due to the epidemic of failed financial systems seen over the past decade, agencies and private organizations (e. g. , Securities and Exchange Commission, NICE, etc. ) have set in place guidelines for the standardization of reporting and evaluating risk in an effort to eliminate surprise collapses in the future (NICE Systems Ltd. 2012). Alexander Campbell, Editor, Operational Risk Regulation, states that regulatory approaches are changing and requiring companies to streamline processes for monitoring internal risks at a company, such as fraud (NICE Systems Ltd. 2012). Common goals of organizing committees trying to tackle regulatory challenges are to improve communication between the board and management, increase shareholders confidence, and most importantly, for entities to thoroughly evaluate their liquidity so that in the event of a crisis, investors assets are secured (Bressac 2005; Decamps, Rochet, Roger 2003). This comparative analysis of COSO and Basel identifies the standards these documents set for institutions to maintain an Enterprise Risk Management (ERM) plan, as well as the affects these documents shortcomings and constraints have on entities which apply either COSO or Basel. Enterprise Risk Management (ERM) is defined by the Institute of Internal Auditors (IIA) (2012) as an approach designed to identify, quantify, respond to, and monitor the consequences of potential events implemented by management. It is important for all parties affiliated with an institutions ERM plan to clearly identify and understand the events that impact a companys value in order for the entity to achieve its objectives (IIA 2012). The frameworks COSO and Basel both attempt to be reactive solutions to public events in which lack of an adequate ERM plan has contributed to a collapse of a major institution or market which had a detrimental affect on the public (Farnan 2004; Lall 2009). Both documents have been explored by many key opinion leaders in the financial industry, and while each provides a set of guidelines for developing successful ERM protocols, each also fails to be foolproof. Shaw (2006) provides the argument that while the COSO standard was groundbreaking at the time, it was not meant to be a marking guide for controls. Moreover, in regards to Pillar 3 of the Basel Accord which depicts methods of Value-At-Risk (VAR) calculations, Standard and Poors noted that although these VAR methods appear to offer mathematical precision†¦they are not a magic bullet (Lall 2009). COSO and Basel can be seen as a significant step forward for the times (Saurina and Persaud 2008). Basel In 1974, the Basel Committee of Banking Supervision (BCBS) was created (consisting of the G10 plus Luxembourg and Spain) in light of the challenges from an increasingly internationalized banking system (Lall 2009). In the 1980s, it became clear (post-Latin America Debt Crisis, 1982) that a process was needed regulate the international banking system to mitigate risk and manage losses (Lall 2009). The first Basel Accord and Basel II, referred to as Basel, is a method of risk management, specifically for financial institutions operating on a multi-national level, that sets minimum capital requirements (8% of adjusted assets (Decamps, Rochet, Roger 2003)) that these institutions must uphold to minimize the risk of a collapse in the international banking system (Lamy 2006). Basel I, the first international accord on bank capital was established in 1988, by the BCBS (Finance Development 2008), with the goal to arrive at significantly more risk-sensitive capital requirements with the primary objective in line with ensuring stability in the international banking system (Lamy 2006). In 2004, Basel II was introduced, with amendments in response to the Quantitative Impact Study, QIS 3, (published in May 2003), an increase in the amount of capital banks must set aside for high-risk exposures, and changes from feedback from banks on Basel I (Finance Development 2008; Lamy 2006). The Basel framework is focused on three pillars: a minimum capital adequacy requirement, supervisory review, and market discipline (Decamps, Rochet, Roger 2003). Basel I was highly criticized for having a one size fits all approach to formulating institutions risk-weighted assets (with insensitivity to emerging countries), in addition to unrealistic capital requirements that discouraged even reasonable risk taking (Kaufman 2003). In response to these critiques, BCSB began to draft Basel II, in which the amendments to Pillar I (310 out of ~350 pages of the document (Balin 2008)) were most notable. Balin (2008) describes the menu of various options that Basel II encompasses for Pillar I, which allow institutions to choose the most suitable options dependent on a series of factors (i. e. , size, rating, etc. ). The minimum capital requirement pillar focuses on the least amount of capital a bank must maintain to be protected from credit, operational, and market risks (Ahmed and Khalidi 2007). In Basel II, the highly critiqued credit risk requirements were modified to decrease the one size fits all stigma of Basel I (Kaufman 2003). Additionally, Basel II takes into account loopholes found in Basel I that enabled banks to maintain their desired level of risk while cosmetically assuaging to minimum capital adequacy requirements, which was done mainly through a transfer of assets to holding companies and subsidiaries (Balin 2008). Similar to COSO framework, the first pillar of Basel seeks to unite various types of risks into an overall evaluation of capital requirements to safeguard shareholders and investors. Pillar 2, the Supervisory Review, is meant to insure that banks have adequate capital to support all the risks in their business including, but not limited to, the calculations in Pillar 1 (Kaufman 2003). This Pillar clearly defines of obligations of supervisory oversight against extreme risk taking; of note in this Pillar is line 680, which states: Supervisors are expected to evaluate how well banks are assessing their capital needs relative to their risks and to intervene, where appropriate. This interaction is intended to foster an active dialogue between banks and supervisors such that when deficiencies are identified, prompt and decisive action can be taken to reduce risk or restore capital (The New Basel Capital Accord 2003). The four principles of Pillar 2 seek to hold the supervisors responsible for implicating processes, reviewing, setting expectations, and intervening when warranted in regard to management of capital risks (The New Basel Capital Accord 2003). Pillar 3 seeks to protect against changes in asset prices (market risk) (Balin 2008), which is an addition to the credit risk factors of Basel I. Using the Value-At-Risk (VAR) model, banks were able to determine the probability of a portfolios value decreasing by more than a set amount over a given time period (Lall 2009). Critics of the VAR model, such as the International Monetary Fund (IMF), claim that it fails to account for extreme market events and assumes that the processes generating market events were stable (Lall 2009). COSO In July 2002, the Sarbanes-Oxley Act (SOX) was passed with the goals of increasing investor and public confidence in the post-Enron era and increasing management accountability, among others (Farnan 2004). Section 404 of SOX states that effective for some large companies, beginning December 31, 2004, a separate management report on internal control effectiveness and audit by the organizations external financial statement auditor is required (Farnan 2004). COSOs framework lays out a path for developing efficient operations and regulatory compliance methods, and has been established as the framework recommended by agencies such as the SEC for public companies to base their financial reporting on (Farnan 2004). The Committee of Sponsoring Organization of the Treadway Commissions (COSO) is comprised of five private organizations in the financial industry (COSO Web site 2012). The COSO organization was established in 1995 with the mission to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence, and attempts to enhance success and leadership, and minimize fraud in company reporting (COSO Web site 2012). Since its establishment, COSO has published frameworks aimed at helping publicly traded companies cope with tough new monitoring requirements mandated by the Sarbanes-Oxley Act (Shaw 2006), and to help businesses manage risk, by looking at business units as an entire entity, designed to improve organizational performance and governance and to reduce the extent of fraud in organization (COSO Web site 2012). The COSO framework is a cube comprised of four (three in COSO I) company objectives perpendicular to eight (five in COSO I) factors that together form a risk assessment program for which companies can reduce risks by realizing the amount of capital needed for consequences (Bressac 2005). Similar to Basel, COSO dictates that the board is responsible for overseeing managements design and operation of ERM (Bressac 2005). One factor that COSO framework includes is the measurement of a companys risk appetite, the amount of risk, on a broad level, an entity is willing to accept in pursuit of value (Rittenberg and Martens 2012). Many objectives that management sets for their company (i. e. , increase market share, win competitive tenders) include a substantial amount of risk, and COSOs strategic decision-making framework allows managers to present the objectives in relation to appetite to the Board for approval (Rittenberg and Martens 2012). Conclusions Both COSO and Basel were drawn to effectively respond to new implications (Sarbanes-Oxley Act (Shaw 2006) and new laws capital requirements for banks (Lamy 2006), respectively), and each have principles that can help institutions manage ERM more effectively. For example, The New Basel Capital Accord (2003) clearly articulates that setting a minimum amount of available capital resources is a vital element of the strategic planning process, and the three pillars devise a plan to do this. Bressec (2005) claims that COSO II framework articulates a way for managers to effectively deal with the events that create uncertainty for entities and create responses to minimize potential losses. COSO and Basel were both released in the infancy stage and flawed. Samad-Khan (2005) observed that COSOs creditability is diminished because consequences are predicted to occur much more frequently than had been historically recorded in the past. Supporters acknowledge that Basel II has arcane ideas, but defend that its still a step in the right direction because it increases financial oversight and makes sure banks wont be doomed by crises of confidence (Coy 2008). It is important to note that while COSO and Basel offer much protection against quantitative risk assessments, they must be coupled with the knowledge and insight of senior risk managements to be most efficient (Lall 2009; Samad-Khan 2005). Moreover, both COSO and Basel also provide constraints that limit the amount of risks institutions can endure, sometimes excessively. Pall (2009) discusses one failure in Basel II as the ability for developed-nation banks to skew their reports to their desired results, at the expense of their smaller and emerging market competitors and, above all, systemic financial stability. Samad-Khan (2005) emphasizes that historical data is still the most reliable way for companies to determine the probability for risk to occur. Start-ups will not have this historical data, therefore may overestimate their probability of risk using the likelihood x impact = risk calculation (Samad-Khan 2005) and miss out on potentially positive opportunities. Others against the provisions claim that both documents (e. g. , Basel in the Emerging markets) implement concessions that constrain potential growth by overcompensating for potential consequences and depleting lending capital for banks, which in the 1930s contributed to the Great Depression (Coy 2008). Historical events depict the need for more stringent regulatory guidelines in this era of financial market uncertainty. The most important common factor of Basel and COSO are that each clearly states that it is managements responsibility to have a functional ERM plan in place, and be in communication with the Board about potential risks that the company faces (Bressec 2005; The New Basel Capital Accord 2003). Holding management accountable for the risks the business takes, while making sure that the Board is in agreement with managements plan creates a necessary harmony of a checks and balances system, in turn creating a safer landscape for shareholders and the public to place faith in. When properly executed,