Public practitioners have important decisions to make in coming months.
By Caroline Karavias
In December 2011, the Accounting Professional and Ethical Standards Board released APES 325 Risk Management for Firms.
This standard applies to members in public practice and replaces CPA Australia’s RMS 1 Risk Management Statement (RMS 1), which was applicable to all of CPA Australia’s Public Practice Certificate holders.
On 1 January 2004, CPA Australia put into effect RMS 1. It defined risk management as “processes and structures that are directed towards the effective management of potential opportunities and adverse effects”.
Its requirements were developed due to increasing liability for losses. The premise was to ensure that practitioners understood the implications and risks associated with the decisions they made, otherwise accountability was challenged.
APES 325 reinforces the importance of risk management and states that a framework should help a firm meet its overarching public-interest obligations and business objectives by:
- Facilitating business continuity
- Enabling quality and ethical services to be rendered to clients
- Protecting the firm’s reputation and credibility
Such a framework should consist of policies designed to achieve the practice’s objectives, as well as procedures to implement and monitor compliance with those policies.
It should be an integral part of the firm’s strategic and operational plan and should take into account risk appetite.
The need to meet overarching public-interest obligations is one of the biggest changes from RMS 1 to APES 325.
Practitioners must assess how they operate in their community and the impact they may have on local market conditions.
This section includes APES 325 Risk Management for Firms – A Guide for Members. There is also a brief overview of requirements.
- Some general guidelines for developing a framework are:
- Read the standard (http://bit.ly/121SYiv)
- Use the key organisational risks suggested in APES 325 to help with your structure
- Build on RMS 1 – the framework should assess the risks to your practice, estimate the effects each identified issue may have and include responses should they occur
- Embed the review process into your practice; support this by making it a part of monitoring procedures in your quality-control manual
- Brainstorm – whether you are a sole practitioner with no staff or in a multipartner firm, this is an opportunity to think about inherent risks and involve key staff in managing them
- If possible, discuss your framework with peers
- Research risk on the internet. There are tools there to help form strategies
Most importantly, remember that not only do you need to establish policies and procedures, but also you must set up a monitoring process.
This is to ensure that your framework remains relevant, adequate and effective as business conditions change.
Furthermore, it may help you detect non-compliance early so you can fix it.