Gloria So CPA, Partner, Risk Advisory Services, SW Hong Kong transitioned from audit to risk management. She talks about the role of technology in her specialism, and the common obstacles to sound internal controls at companies
What has been the biggest lesson in your career so far?
Be receptive to new ideas and information. The business environment is constantly changing, making it important for us to identify the latest trends. For example, instead of ordinary corporate governance practices, the Hong Kong Stock Exchange (HKEX) and listed companies now focus more on the environmental, social and governance-related risks and measures. Moreover, other than the ordinary vetting processes for listing applicants, the HKEX has recently introduced a special purpose acquisition companies listing regime. In order to adapt to these changes, we are required to equip ourselves with relevant knowledge from time to time. This learning process will remain unchanged for as long as we are still in this industry.
What do you like most about specializing in enterprise risk management?
The objective of enterprise risk management is to independently review an organization’s exposure to different sources of risks. By identifying, reviewing and evaluating the key risks that may affect our clients’ ability to achieve its business objectives, we could assist management to establish effective internal control mechanisms and take necessary actions to prevent potential losses and risks from taking place. The benefits of this includes efficient use of resources and effective coordination of regulatory and compliance matters. Compared to auditing, the performance of risk management requires more soft skills as we need to understand the clients’ industry, operations and objectives more thoroughly. Throughout the communication processes, we also have to assess their risk appetite and assist them to formulate a suitable mitigation plan. I find this highly interesting as I enjoy interacting with people.
In what ways has your CPA qualification helped you in your career?
The CPA qualification opens up great opportunities for me to meet people from different backgrounds and expertise. From various networking events and development programmes, I am able to communicate with these professionals and exchange our views on the latest hot topics. Their comments from different perspectives always help to broaden my knowledge.
How is technology playing a role in helping to tackle risk management challenges today?
Timely and accurate information is key to a successful risk management system. With enhancements in new technology that exploit big data and cloud computing, it is much easier for an organization to capture and analyse historic, current and forward-looking data. For example, real-time technology avoids the lag time between the occurrence of physical incidents and the receipts of information. As a result, management is able to react instantly to potential risks and implement suitable risk mitigation plans accordingly.
What are the most common internal control deficiencies you are seeing at the moment?
Governance and culture are of utmost importance, as they set the organization’s tone from the top. However, from many of the cases I have encountered, it is common for the management to not place enough emphasis on internal controls. No matter how well the policies are written or how many procedures are involved in the operating activities, without a sound governance culture, it can be challenging for an organization to establish a comprehensive and sound internal control system.