An example of a requisition is a request for the withdrawal of an item from
*inventory.
research and development (R&D) Investigations of a *long-term (and often scientific) nature intended to develop new *products and services.
Depending on the specific circumstances of R&D activity, *Generally Accepted Accounting Principles around the world set strict criteria for the treatment of R&D costs as either *revenue expenditure or items to be *capitalized and
*amortized.
reserve 1.An alternative term for *provision (definitions 1 and 2). 2.Addi- tional amounts of *inventory, *money, or other items maintained for opera- tional or *investment purposes. 3.An alternative term for *retained earnings.
4.The setting aside of *retained earnings for a specific purpose.
224• residual risk
residual risk The *risk remaining after the application of *risk management techniques and *internal controls. It is often impossible to eliminate risks entirely; but risks can be managed to levels that an organization’s managers deem to be acceptably low. The culture of an organization (its *risk appetite) tends to determine levels of acceptable residual risk. See also *net risk.
residual value 1.The value of an asset at the end of its *useful economic life.
Residual values tend to be based on resale or *scrap values, less any disposal or selling costs. The costs of assets subjected to *amortization normally exclude residual values. 2. The value of an asset, less amortization charges, at any stage of its useful economic life.
responsibility accounting A system of *management accounting in which
*individual managers are held *accountable for operational and financial per- formance. See also *accountability.
restatement The revision of an *accounting or *financial statement item to incorporate specific changes.
retained earnings Accumulated *net income recorded as *stockholders’ *equity in a corporation’s *balance sheet. Retained earnings are normally available for distribution as *dividends.
return 1.*Income derived from investments. Returns from investments can be in the form of *cash or *appreciations in *asset values. For example, investors in a corporation’s *common stock hope for returns from both *dividend income and *appreciations in the market value of the stock. 2.An abbreviated term for *customer return. 3.The submission of a formal report or document, such as a *taxation calculation.
revaluation 1.An increase in the *value of an *asset that is *recognized in
*financial statements. Revaluations are normally made to bring an asset’s
*book value into line with its *market value. 2.An increase in the value of a
*currency in relation to other currencies, usually resulting from an intentional government policy. Contrast *devaluation.
revenue See *income.
revenue expenditure Expenditure on *short-term expenses that is charged to an *income statement in the period in which it is incurred. Contrast *capi- tal expenditure.
review 1.A formal assessment of an activity with the intention of suggesting or implementing changes. In the context of external auditing, a review implies an
risk •225
audit-type investigation that does not meet the full requirements of *Generally Accepted Auditing Standards. 2.An abbreviated term for *analytical review.
Revue Franỗaise de la Comptabilitộ A French-language accounting mag- azine. Published monthly by the *Ordre des Experts-Comptables in France, and available in print and online formats, the Revuecontains news and pro- fessional developments in accounting and external auditing, with particular focus on France and the European Union.
Web link: www.experts-comptables.org/html/pub/publi/rfc.html
reward An increase in wealth through *income, the transfer of *cash, or the
*appreciation of an asset. The term reward is often used in contrast to *risk—
for example, “the partners all accepted the risks and rewards of the transaction.”
Ridley, Jeffrey (born 1930) A British internal auditing academic, author, and practitioner. Since 1991 Ridley has been Visiting Professor of Auditing at South Bank University in London. Along with *Andrew Chambers and
*Gerald Vinten, Ridley has been one of the United Kingdom’s leading advo- cates of internal auditing. A former president of the *Institute of Internal Auditors UK and Ireland, he is the author of many articles on internal audit- ing, and of the books International Quality Standards: Implications for Internal Auditing (1996), coauthored with Kystyna Stephens, and Leading Edge Internal Auditing(1998), coauthored with Andrew Chambers. In addi- tion to internal auditing, his other areas of interest include *corporate gover- nance and *quality management.
Further reading: Ridley and Stephens (1996); Ridley and Chambers, A.
(1998)
right A legal or moral entitlement to something.
right of return A *contractual agreement that gives the explicit right of *cus- tomer return of a *product.
risk The *probability of the occurrence of an event with negative consequences.
The IIA defines risk as “the probability that an event or action, or inaction, may adversely affect the organization or activity under review” (quoted in Hermanson and Rittenberg, 2003, 35). Risk leads to *opportunity costs as well as traditionally understood *costs, and it can be quantified in terms of (i) like- lihood of occurrence and (ii) financial or operational outcome. While some risks can be quantified only with difficulty, they can at a minimum be categorized as high, medium, or low, in terms of both likelihood of occurrence and financial or operational outcome.
226• risk acceptance
Risks are often interpreted as potential barriers to the achievement of the objectives or goals of an activity or organization. Typical areas of risk in mod- ern organizations include the following: (i) strategic and *planning risks, (ii)
*fraud, (iii) *credit risks, (iv) operational risks (including health and safety concerns), (v) legal matters, (vi) *regulatory risks, (vii) accounting risks, (viii) technological risks (including the *obsolescence of manufactured products), and (ix) *treasury risks. Many of these risks are not stand-alone items, as their interrelations can be complex.
A study by the Institute of Internal Auditors (IIA UK, 1998, section 2.2) identified three underlying primary causes of risk: (i) the random nature of events, (ii) imperfect or incomplete knowledge, and (iii) lack of *control.
See also (in addition to the dictionary’s entries that begin with the word risk) *absolute risk, *audit risk, *Control Risk Self Assessment, *credit risk,
*enterprise risk management, *interest rate risk, *portfolio risk, *reputation risk, *sampling risk, *systematic risk, *uncertainty, and *unsystematic risk.
Further reading: Bernstein (1996); Doherty (2000); IIA UK (1998)
risk acceptance An informed decision to accept the *risks (and *rewards) of an activity or *market. For example, the risks of operating in high technology markets can be extremely high, owing to the danger of rapid *product *obso- lescence, but markets of this type can offer extremely attractive *returns to its
*risk-seeking participants. Risk acceptance decisions can also occur on geograph- ical lines. In the period following the Argentine financial crisis that started in late 2001, for example, some *multinational corporations may have been tempted to pull out of the country on the basis of unacceptably high economic and polit- ical risks. On the other hand, some *investors justified continued activity in Argentina on the grounds of a long-term view of that country’s economic health. Pulling out of a market only to re-enter it later can be a more costly option than remaining throughout a period of crisis. Contrast *risk avoidance.
risk analysis An alternative term for *risk assessment.
risk appetite The willingness of investors to assume *risks in order to achieve
*returns. Risk appetites range from *risk-averse to *risk-seeking.
risk assessment The identification, analysis, and measurement of *risks relating to an activity or organization. Risk assessment comprises the initial stages of *risk management, and it is one of the five components of effective
*internal control identified in *Internal Control—Integrated Framework(the COSO Report). Risk assessment practices have spread beyond their historic heartlands of the *insurance and financial services sectors to enter the wider organizational mainstream. In turn, the centrality to *corporate governance of
risk aversion • 227
both external and internal auditing has resulted in risk assessment becoming central to auditing.
Auditors use risk assessment to prioritize work and to maximize resources.
For example, risk assessment techniques can be used to identify suitable areas for review in a large *audit universe, and to identify specific *audit tests for a defined topic. This approach contrasts with the often cyclical nature of *audit planning prior to the 1990s. Some commentators have expressed reservations over the extensive use of risk assessment techniques in auditing: “A worry is that over emphasis on risk assessment may perpetuate the traditional culture of the risk-averse internal auditor, with risk being seen as something to avoid rather than being an opportunity to be exploited” (Vinten, 1996, 93). However, risk assessment is now generally considered to be indispensable to effective auditing.
Risk assessment for both auditing and wider corporate governance purpos- es can take the form of *quantitative or *qualitative measurements, or a com- bination of the two. Some commentators make a distinction between risks (quantifiable) and *uncertainties (unquantifiable). The dangers of attempting to place overreliance on quantitative risk assessment techniques has been expressed as follows: “On occasion the calculation of risk assessment ‘formulae’
seems to provide a veneer of pseudo-scientific clarity to complex matters that cannot be captured purely by numbers . . . Risks are often difficult (and some- times impossible) to quantify, and over-reliance on quantified data may reduce the scope for intuitive assessment. The risk assessor who over-relies on num- bers often therefore seems to dance around the heart of the risk assessment process, never quite managing to penetrate its core. In extreme cases, over- elaborate risk assessment processes can detach themselves from the organiza- tional realities they purport to represent. A curious scenario then develops, in which risk-assessment becomes a self-referential exercise divorced from the surrounding context. In such cases, the process has as much to do with effec- tive risk assessment as the obsessive polishing of a car has to do with main- taining its engine” (O’Regan, 2003a, 41). In practice, risk assessment often involves a combination of quantitative and qualitative factors.
Further reading: AS/NZS 4360(1999); IIA UK (1998); Messier and Austen (2000); Reding et al. (2000); Shelton et al. (2001)
risk aversion Attitudes toward *risk characterized by avoidance or minimiza- tion. Risk-averse investors are deemed to have low *risk appetites—they prefer certain but relatively low rates of *return over doubtful but higher rates of return. For example, an individual who chooses to receive $100 with certainty rather than a 50 percent chance of receiving $200 would be classified as risk- averse. Contrast *risk-seeking.
228• risk avoidance
risk avoidance An informed decision not to accept the *risks (and *rewards) of an activity or *market. Refraining from involvement in an activity or a mar- ket, or disengaging from existing commitments, can sometimes be a costly strategy, as it can involve significant *opportunity costs. At the end of the Korean War in 1953, for example, South Korea was one of the world’s poorest countries, with a *per capita *Gross Domestic Product comparable to India and Central Africa. The devastation of war had destroyed much of the country’s infrastructure and industrial base, but over the following decades the country’s rapid economic growth was little short of miraculous. By the 1990s, South Korea had become one of the most affluent countries in the world.
International *investors who accepted the risks of operating in war-devastat- ed South Korea in its early years were rewarded during the subsequent eco- nomic boom, while those who initially avoided South Korea faced expensive entry costs as latecomers to a dynamic Asian “tiger” economy. Contrast *risk acceptance.
risk-based auditing (RBA) Auditing in which *audit objectives and *audit planning are driven by a *risk assessment philosophy.
risk committee A committee of a *board of directors (or similar governing body) that oversees an organization’s *risk management policies. Risk com- mittees are a relatively new concept in the early twenty-first century, and are not as widespread as *audit committees. In many organiziations, audit com- mittees take on the duties typically associated with risk committees.
risk elimination The complete removal of a *risk. Unlike *risk avoidance, risk elimination does not necessarily imply nonengagement in (or disengagement from) an activity or *market. Risk elimination techniques can be costly. For example, an organization can eliminate its foreign exchange rate risk by the full *hedging of foreign currency liabilities, but it can find itself locked into
*contractual exchange rates that turn out to be unfavorable at transaction
*settlement dates. Further, many risks can never be entirely eliminated. The risk of theft in a warehouse can be reduced to acceptable levels, for example, but it can almost never be eradicated. See *risk minimization.
risk event An occurrence that gives rise to a *risk.
risk factorAn element of *risk included for consideration in a *risk assessment or *risk management exercise.
risk-free Involving no *risk.
risk minimization • 229
risk identification The process of establishing the existence and nature of
*risks. Risk identification is the first stage of a *risk assessment exercise.
risk management The assessment, evaluation, and monitoring of *risks in an activity or organization, with the undertaking of necessary corrective actions.
Risk management is a comprehensive process that aims to create a disciplined environment for the achievement of an organization’s objectives. The monitor- ing and corrective actions arising from risk management tend therefore to focus on *procedures and *internal controls that provide reasonable *assur- ance on the achievement of objectives. Five risk management strategies are
*risk acceptance, *risk avoidance, *risk elimination, *risk minimization, and
*risk transfer. It is frequently observed that risk management may increase a corporation’s *value by reducing risks and, thereby, reducing *cost of capital.
A recent risk management standard defines risk as “the culture, process and structures that are directed towards the effective management of potential opportunities and adverse effects” (AS/NZS 4360, 1999). *Risk assessment is the first stage of a *risk management process, which may or may not involve the measurement of risk by formal quantification. Typically, this depends on the nature of the risks to be addressed, as well as on management objectives.
Risk management can be performed at an organization-wide level (when it is often called *Enterprise Risk Management) or at the more discrete level of individual departments, processes, or other operational units. Typical risk management functions in organizations include departments or suppliers pro- viding (i) internal auditing, (ii) external auditing, (iii) *insurance, (iv) *quality control, and (v) health and safety monitoring.
Further reading: AS/NZS 4360(1999); Crawford and Stein (2002); Doherty (2000); IIA UK (1998); McNamee and Selim (1998)
Risk Management and Governance Board A board of the *Canadian Institute of Chartered Accountants (CICA) that provides guidance on *corpo- rate governance, *internal control, and *risk management. The CICA Web site states the board’s mission to be as follows: To “develop and promote guidance and related materials to provide opportunities for...focusing on improving the quality of corporate governance and risk management in organizations.” Prior to 2001, the Board was known as the *Criteria for Control (CoCo) Board, and its 1995 *Guidance on Controlhas an international reputation as a *control framework of enduring value.
risk minimization A *risk management technique that reduces the likelihood of occurrence of a *risk or reduces the potential impact of a *risk. If a risk has been managed to acceptable levels of *residual risk, the incremental costs of
230• risk premium
attempting *risk elimination may be unacceptably high. For example, an organization may significantly reduce levels of *inventory *shrinkage by estab- lishing robust security measures around a warehouse. Once an acceptable level of shrinkage has been achieved, it may be too costly to spend more on security measures, as additional investment may result in an unacceptably small benefit.
risk premium An additional *return on a high-*risk *investment required to
*reward investors for assuming a high level of risk.
risk ranking The listing of *risks in a *risk register in order of severity.
Severity can be measured in terms of: (i) the likelihood of occurrence of a risk, (ii) its potential financial or operational outcome, or (iii) a combination of (i) and (ii).
risk register A list of an organization’s *risks identified in a *risk assessment exercise.
risk retention An alternative term for *risk acceptance.
risk-seeking Readiness to assume high rates of *risk in order to achieve oppor- tunities for high *returns. Risk-seeking investors are deemed to have high
*risk appetites. In contrast to a *risk-averse individual, for example, a risk- seeker would tend to reject the offer of a certain $100 in favor of a 50 percent chance of receiving $200. Gamblers are classic risk-seekers.
risk sharing A partial or incomplete *risk transfer.
risk transfer A *risk management strategy that involves the moving of a *risk from one individual, activity, or organization to another. Risk transfer can imply the moving of an entire risk elsewhere, but in practice it tends to involve the sharing of risk with another party. *Insurance cover is a classic risk trans- fer strategy, and it illustrates that risk transfer strategies can be very costly.
In 2001, for example, a guerrilla attack on Sri Lanka’s Colombo International Airport destroyed a number of commercial airliners, and antiwar insurance
*premiums rocketed by over 300 percent for commercial airlines operating to and from that country. Other potential risk transfer parties include *cus- tomers, *suppliers, *agents, and *joint venture partners. A transfer of risk does not imply a transfer of *accountability, as an organization’s management remains responsible for the results of its risk management strategy.
ritualistic audit An *audit of limited value or ambition that is restricted to the performance of predictable *audit tests. A ritualistic audit can create an impression of the reliability and orderliness of the *auditees’ activities, but at
Rutteman Report • 231
worst it does little more than offer a rather dubious legitimacy to the subject matter of an audit.
Further reading: Mills and Bettner (1992)
rollover 1.A renewal of a *loan or other type of borrowing. 2.A transfer of
*funds between investments following the *maturity of individual investments.
3.A transfer of *taxation relief between different activities or time periods.
Roth, James (born 1947) A U.S. internal auditing and *corporate gover- nance specialist. Roth is a prolific author on internal auditing topics. He has written numerous articles, many of which have appeared in *Internal Auditor magazine, and his books include Best Practices: Value-Added Approaches of Four Innovative Internal Auditing Departments (Roth, 2000) and Internal Audit’s Role in Corporate Governance: Sarbanes-Oxley Compliance(Roth and Espersen, 2003). President of the consulting firm *AuditTrends, Roth is a prominent public speaker on internal auditing. His areas of interest include
*operational auditing, *soft controls, and the *Sarbanes-Oxley Act.
Further reading: Roth (2000); Roth (2002); Roth (2003); Roth and Espersen (2003)
Web link: www.audittrends.com/JR.htm
rounding To restate an amount as a convenient, whole number, rather than as a fraction or decimal.
royalty A payment made for the use of the property of an individual or organi- zation. Examples of royalties include (i) payments by publishers to authors for the latter’s intellectual capital as captured in books and (ii) payments for the use of a *brand name under a *franchise agreement.
Rutteman Report A British *corporate governance report of 1994. The report’s formal title was Internal Control and Financial Reporting: Guidance for Directors of Listed Companies Registered in the UK.The Rutteman Report was prepared to give guidance on the internal control provisions of the
*Cadbury Reportof 1992. The Rutteman Reporthas been superseded by sub- sequent corporate governance developments in the United Kingdom, notably the *Hampel Report of 1998 and the related internal control guidance of the 1999 *Turnbull Report.
Further reading: Rutteman Report(1994)