Risk is inevitable in any business or entrepreneurship. When a business is launched, then some positive outcome is expected; yet there are always chances for negative results. The purpose of this assignment is consider the ways of forecasting and identifying risk and managing it, i.e. reducing or eliminating possible risks or finding ways for an entity to revive from the damage brought about by risks as soon as possible. All the above mentioned is subject of audit also considered in this assignment. InterContinental Hotel Group is chosen as the object for auditing internal and external business risks. Audit is generally defined as: "an examination and verification of a company's financial and accounting records and supporting documents by a professional, such as a Certified Public Accountant"; "an IRS (Internal Revenue Service) examination of an individual or corporation's tax return, to verify its accuracy" (Investorwords.com). Risk is commonly interpreted as the deviation of the anticipated results of future events which can affect the value of the latter. The term audit risk implies the possibility of the audit procedure resulting into an inappropriate conclusion or opinion on the financial statements. These can be neglecting discrepancies with an official standard, especially the ones containing a material misstatement, or recognition of an error when actually there is any (). One should differentiate between audit risk and business risk. Business risk relates to the loss which organization might sustain if it does not achieve its goals and objectives. "It is essentially the potential cost incurred if the business does not achieve its strategic plans" (Swanson, n.d). In many entities the assessment and management of business risk has developed into formalized enterprise risk management, or ERM. Audit risk relates to whether the procedures of internal and/or external audit achieved their objectives successfully. Traditionally, audit risk has been interpreted as "strictly the risk of incorrect audit conclusions" (). Nowadays, however, the concept tends to be extended to deal with more aspects, e.g. mistakes or inefficiency of internal audit. Swanson puts an equal sign between business risk and enterprise risk and refers to COSO's definition of the latter term. According to it, ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives (Enterprise risk management 2004, p. 6). ERM is conducted entity-wide and implies identification, investigation, quantification, response and monitoring of outcome of potential event. As a rule ERM is executed by internal auditors who report to managers or in many organizations directly to the board of directors. The procedure is designed to provide management of business risk and assure that decisions concerning reducing the risk are taken on daily basis. ERM is based on a principle that every entity exists to provide value for its stakeholders (FAQs, 2006; Internal control, 2006). COSO describes the following stages in the ERM process: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring (ERM, businessdictionary.com, n.d). From the above-mentioned we can conclude that internal auditing and business risk are closely interconnected. At that the former should facilitate the latter. Generally audit resources should be applied at the areas of greatest business risk. Audit risk is an integral element of business risk as mistakes and failures in the very process of audit would inevitably lead to failure in managing business and therefore enhancing value.
2. Brief overview InterContinental Hotel Group is an example of great interest as for risk management among international hotel companies. IHG is the largest hotel company in the worlds offering more than 650Â 000 rooms, having more than 130Â 000Â 000 stays annually and running over 4500 hotels across over 100 countries across the globe. The major factor to establish peculiarities of risk which this company faces is that does not own by operates hotels. Is performs three basic types of business activities: a) franchising; b) managing; c) owning and leasing of hotels. Over 3Â 800 hotel are operated by the company under franchise agreements, 628 hotels are managed and only 16 hotels (which is less than 1 % of hotels the company deals with) are owned by the company. (Operating and financial review, 2006). So the major source of income for this company is franchising which means that the company's activities refer to intellectual property and branding rather than capital investment. Generally franchising is designed to avoid liability and expenses for material property. Therefore, risks connected with material capital do not affect directly the company while the risks relating to branding and intellectual property i.e. business schemes and development are of paramount importance. Franchising implies that franchiser (whose functions are performed by IHG) guarantee success of conducting business to franchisee (its client), i.e. sells a successful business model and takes part in organization of correct implementation of the aforementioned business strategy. Thereby one the main risks to threaten the company is failing to produce or implement a business model or a strategy or making a mistake in management. If a company, which works for itself, neglects some kind of risk, incurs financial losses or even goes bankrupt, it can restore it function by means of state loan or simply amending of dramatically changing its ways and policies of conducting business. Yet if a franchisee of IHG incurs losses due to inefficiency of a business schedule suggested by IHG, it shall dramatically affect the reputation of the latter. Thus other franchisees shall stop trusting the company and this can lead to breaking of a number of franchising contracts This is why IGH pays particular attention to risk management, carefully elaborates risk persist schemes and controls their implementation within its structural divisions.
3. Risks Facing the Company There are a number of challenges faced by companies which conducting risk audit. Firstly, it is not easy for them to obtain substantial resources necessary for desirable segregation of duties. Secondly, manager's domination can result into considering the unattained objectives to be attained. Finally, there is a problem of recruiting personnel with ample financial and administrative competencies. It is hard to switch from running the business to taking critical management. Limited technical resources impede maintaining general and application controls over computer data-bases and information systems (Internal control, 2006, p. 4 -5). Yet there are many examples of actual companies to have transformed these challenges into the principles they support. Rittenberg outlines four crucial components of risk relating to conducting an audit. They are business risk, financial reporting risk, engagement risk and audit risk. Business risk is a risk which influences operations and potential outcomes of entity's activities (****, p.122). Financial reporting risk refers to the recording of transactions and the presentation of financial data in financial statement of an organization. Engagement risk is encountered by auditors being associated with a particular client, whose outcome can be of damage to auditor company reputation, inability of the client to pay to the auditor, impediment of audit process by a dishonest manager. All four types of risk are interdependent. Business risk and financial risk emerge with the audit client and its environment, virtually shaping the two other types of risk. The result of risk management processes often determine further existence of a company or audit firm. The book suggests issuing an audit opinion on company's financial statements or on the effectiveness of its internal accounting controls as ways to minimization the auditor's risk (****, p. 121 - 122).
External risks InterContinental Hotel Group is exposed to many risks both internal and external. First and foremost is competition. Companies offering the same type of services can reduce the amount of clients. Also the availability of instructions and the development of IT technologies can affect the number of clients as they may well find the information needed for conducting successful business for much more attractive conditions. Changes in legislation also play an important role for the maintenance of the Groups business. The situation becomes more complicated as IHG is an international company so the Board and staff should follow and consider the changes in legislation of many countries at once as well as the international legislation and policy (e.g. signing of international MOUs, treaties, etc). To reduce this risk the company follows the upcoming event on the international agenda, makes correspondent investigations when contracts are concluded with representatives of new countries, follows changes in legislation of partner countries, hires or uses consultation of international policy leaders, amends their brand business strategies as to satisfy legislation of a given country, promotes its own business technologies so as to influence the way of business management or even impose its own ways. Sometimes it is hard to resist this risk as politician and third parties who promote their own interest interfere in this sphere. Also there is always a threat of international conflicts, civil unrest and similar phenomena. Also great many factors influence international and national legislation such as economy, politic situation (inside the country as well as in the world), natural disasters, demography and ecology. The company therefore conducts investigations in each of the mentioned spheres and employs respective specialists. It contributes to ecological projects (global and national) and pays attention to insurance. The almost worldwide business has the advantage that if there is a downfall in one region, a rise is likely to be in another, yet there might be general downfall of world economy.
Internal risks Some franchisees may have interest with would contradict the general policy if the group e.g. companies would not like or participate in projects connected with brand improvement. Also there can emerge internal clash of interest: some companies within the Group might desire the same things and be engaged into aggressive rivalry. To avoid these risks (which are internal) the company undertakes preliminary actions: enquiry into the strategies and interests of potential franchisee, including respective restrictions into franchising contract (that it is compulsory for this particular franchisee to participate in branch improving measures), the Group tends to provide strategies in such way that they reduce rivalry among franchisee companies (suggests alternative business schemes which imply different target submarket or category of services etc). Identification, retaining and adding new franchisees is no guarantee for the company as well. Recruiting and retaining skillful personnel as well as perfecting their skills is one of major concerns of the company and is also associated with risk. Significant risk refers to maintaining reputation of company's brand as well as protection of intellectual property. Generally the company employs a developed system of strategies which provides successful business for the company as a unity and each particular division. 4. Risk Audit 5. Risk Assessment 6. Risk Strategies Summary and Conclusion