Risk Assessment Beginning an Analysis Date by Jim Bowman.

Presentation transcript:

Risk Assessment Beginning an Analysis Date by Jim Bowman

Overview: Background; Goals; Definitions; Planned Evolution.

Background: Corporate fraud in the 1990s led to a recognized need for Boards of Directors to provide reasonable assurance in achieving 3 objectives: effective and efficient business operations; reliable financial reporting; compliance with laws and regulations.

Background (Continued): Controlling risks requires: a controlled environment/culture; Risk Assessment; Control Activities; Information and Communication; Monitoring.

Goals: Reduce Risks; Increase Confidence; Improve Business Success.

Definitions:
Risk – The possibility that something will go wrong
Assessment – The likelihood that the adverse event will happen and the impact it would have on the business
Scoring – Prioritizing our attention to making improvements

Planned Evolution for Making a Risk Assessment:
Step 1 Identify the universe of risks
Step 2 Evaluate the effectiveness of controls
Step 3 Determine how to monitor the risks

Planned Evolution (Continued):
Step 4 Assess the likelihood and potential negative impact if the adverse event occurred
Step 5 Prioritize needed improvements
Step 6 Review and update the Risk Assessment monthly

Identify the Universe of Risks from:
1. Key Business Activities
2. Prior Audits
3. Regulatory Requirements

1. Key Business Activities
By Departments: Department activities have risks; each job function has risks.
Clinical Risks: Services, Products, Equipment, Personnel Research, Patient Privacy and Safety and Care Variances, Licenses, Accreditation Quality of Services, Performance Measures Proper Documentation

1. Key Business Activities, Continued
Business Risks: Billing, Revenue Cycle and Cost Reports; Contracts and Leasing Arrangements; Insurance; Human Resources Policies and Procedures; Information Technology and Security.
Organizational Risks: Unique Governmental Requirements; Tax Status.

2. Prior Audits
Recent External Audits: Findings; Management Responses; Follow Up Corrective Actions.
Recent Internal Audits: Findings and Corrective Actions; “Hot Topics” Requiring Further Work.

3. Regulatory Requirements
Governmental Obligations and Requirements; Laws and Rules that Regulate the Business; Governmental Investigations into Fraud and Abuse; Regulatory and Accreditation Standards; Governmental Alerts and Bulletins; Relevant Court Cases (Prosecution and Litigation); Sentencing Guidelines; National Database of Healthcare Practitioner Fraud and Abuse.

3. Regulatory Requirements, Continued
Other Resources: OIG Work Plan; OIG Compliance Program Guidance; OIG Supplemental Guidance; Relevant Newspaper Headlines; Information from Internet, Newsletters and Professional Organizations.

Once the risk topics have been identified, list them within broad categories, such as: Sales and Marketing; Providing Clinical Services; Environmental Health and Safety; Confidentiality and Privacy; Records Management; Human Resources; Licensing, Registration, Certification, Accreditation; Clinical Research; Vendor Relations…or others as needed.

Please refer to the sample Risk Assessment Spreadsheet for this section. This section will focus on assessing risks by using the six spreadsheet columns to the right of each risk topic.

1. Obligation
2. Policy and Guidelines
3. Internal Controls
4. Control Adequacy
5. Audit/Monitoring
6. Follow Up

1. Obligation: Identify the Regulatory Obligation or Compliance Risk that must be met for each risk topic. Enter it into the spreadsheet. The Obligation should be a “positive” statement. An example is “Accurately promote products consistent with FDA approval.” A negative statement would be “Don’t violate FDA approved promotions.”

2. Policy and Guidelines: List all Company Policies and Guidelines that refer to each of the risk topics. Enter those items into the spreadsheet for each risk topic.

3. Internal Controls: Identify all Internal Controls for each risk topic. Internal Controls are documentation that include training materials, signed training completion certifications, policies, procedures, completed checklists and forms, etc. Enter all Controls into the spreadsheet for each risk topic.

4. Control Adequacy: Evaluate the Controls for their adequacy in preventing risks. At this point, the Controls are either Adequate or Needs Improvement. Enter either Adequate or Needs Improvement into the spreadsheet for each risk topic.

5. Audit/Monitoring: List all documented forms of auditing and/or monitoring that tests the effectiveness of each Control in preventing risk. Enter all of the audits or monitors into the spreadsheet for each risk topic.

6. Follow Up: Describe what Follow Up should be done for each risk topic whose Control was Needs Improvement. Enter the Follow Up work into the spreadsheet for each risk topic.

At this point, there should be a number of risk topics that require Follow Up. The next step will be to prioritize Follow Up work to the topics with the most risk. In order to do this, Scoring each Risk that Needs Improvement must be done.

Scoring the Risk Topics is based on:
1. Likelihood
2. Impact
The results of the Scoring will be used to prioritize Follow Up work based on the severity of risk to the business.

Scoring involves quantifying the relative magnitude of risk based on past occurrences and the potential negative impact on the business. A particular risk topic may have either a high or low likelihood of occurring. Similarly, a risk may have either a high or low negative impact on the business.

Obviously, a risk that has a high likelihood and a high impact should receive our foremost attention. Similarly, a risk that has a low likelihood and a low impact does not require such a high level of attention.

Risk Scoring can yield results that can be displayed on a diagram such as this:
[Diagram: risk topics A to H plotted on a grid with Impact and Likelihood axes, each scaled 1 to 10, divided into four quadrants numbered 1 to 4 and labeled HIGH, HIGH; HIGH, LOW; LOW, LOW; LOW, HIGH.]

Quadrant #1 shows risk topics that scored both High Likelihood and High Impact.

Quadrant #2 shows risk topics that scored a Low Likelihood and High Impact.

Quadrant #3 shows risk topics that scored a High Likelihood and Low Impact.

Quadrant #4 shows risk topics that scored a Low Likelihood and Low Impact.

The numerical sequence of quadrants guides our priority in addressing risks.

Now, let us determine a Likelihood and an Impact score for each risk topic. In the accompanying sample spreadsheet, for each risk topic there are five Likelihood scoring blocks and four Impact scoring blocks. We will look at each scoring block.

Likelihood: Occurrence of past errors
a. No = 0
b. Yes (minor) = 2
c. Yes (many) = 4

Likelihood: Degree of complexity of the process
a. Not complex = 0
b. Somewhat complex = 2
c. Very complex = 4

Likelihood: Degree of Manual versus Automated
a. Automated = 0
b. Somewhat automated = 2
c. Manual = 4

Likelihood: Stability or degree of changes in people, systems and processes
a. No changes, stable = 0
b. Some changes, somewhat unstable = 2
c. Many changes, very unstable, or new = 4

Likelihood: Effectiveness of controls, as demonstrated in past audits and monitors
a. Good = 0
b. Not audited = 2
c. Needs Improvement = 4

Likelihood: When you add the five Likelihood scores together, a sum greater than 7 is considered to be High Likelihood. Enter the Likelihood scores and total into the spreadsheet.

Impact: Frequency and volume of transaction
a. Small = 0
b. Medium = 3
c. Large = 5

Impact: Direct impact on regulatory requirements
a. No regulatory requirement = 0
b. Regulatory requirement = 5

Impact: Range of possible loss of revenue (fines, lost business, litigation)
a. No loss = 0
b. Minimal refund = 2
c. Systemic issue, large refund = 4
d. Large refund and penalties or fines = 6

Impact: Reportable to the government
a. No = 0
b. Yes = 5

Impact: When you add the four Impact scores together, a sum greater than 10 is considered to be High Impact. Enter the Impact scores and total into the spreadsheet.
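
The scoring blocks, thresholds and quadrant order above, worked through in Python as an added example that is not part of the original presentation. The block names, function names and sample risk topics are constructed for illustration, and ordering topics inside one quadrant by combined score is an assumption of this example.

```python
from dataclasses import dataclass

# Allowed values for each scoring block, in the order the slides list them.
LIKELIHOOD_BLOCKS = {
    "past errors": (0, 2, 4),
    "process complexity": (0, 2, 4),
    "manual vs automated": (0, 2, 4),
    "stability of people/systems/processes": (0, 2, 4),
    "control effectiveness": (0, 2, 4),
}
IMPACT_BLOCKS = {
    "transaction frequency and volume": (0, 3, 5),
    "regulatory requirement": (0, 5),
    "possible loss of revenue": (0, 2, 4, 6),
    "reportable to the government": (0, 5),
}
HIGH_LIKELIHOOD_ABOVE = 7   # "a sum greater than 7"
HIGH_IMPACT_ABOVE = 10      # "a sum greater than 10"

def total(scores, blocks):
    """Validate one score per block against the rubric and return the sum."""
    if len(scores) != len(blocks):
        raise ValueError(f"expected {len(blocks)} scores, got {len(scores)}")
    for (name, allowed), value in zip(blocks.items(), scores):
        if value not in allowed:
            raise ValueError(f"{name}: {value} not in {allowed}")
    return sum(scores)

@dataclass(frozen=True)
class ScoredRisk:
    topic: str
    likelihood: int
    impact: int

    @property
    def quadrant(self):
        # 1 = high/high, 2 = low likelihood + high impact,
        # 3 = high likelihood + low impact, 4 = low/low.
        high_l = self.likelihood > HIGH_LIKELIHOOD_ABOVE
        high_i = self.impact > HIGH_IMPACT_ABOVE
        if high_i:
            return 1 if high_l else 2
        return 3 if high_l else 4

def score(topic, likelihood_scores, impact_scores):
    return ScoredRisk(topic, total(likelihood_scores, LIKELIHOOD_BLOCKS),
                      total(impact_scores, IMPACT_BLOCKS))

def prioritize(risks):
    # Quadrant order comes from the slides; the tie-break on combined
    # score within a quadrant is an assumption of this example.
    return sorted(risks, key=lambda r: (r.quadrant, -(r.likelihood + r.impact)))

# Constructed sample rows (topics and scores are illustrative only).
SAMPLE = [
    score("Vendor relations", (0, 0, 2, 2, 2), (0, 5, 0, 0)),
    score("Records retention", (2, 4, 4, 0, 2), (3, 0, 2, 0)),
    score("Patient privacy", (0, 2, 0, 0, 2), (3, 5, 6, 5)),
    score("Billing accuracy", (4, 2, 4, 2, 4), (5, 5, 4, 5)),
]
```

Because the thresholds are strict, an Impact total of exactly 10 stays Low Impact, and a score outside a block's listed values is rejected rather than summed.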

Next Steps: The objective of a Risk Assessment is not to simply make an Audit Plan, but to make the business better by improving the weaknesses. A report of the Risk Assessment findings and a strategic plan to address the highest priorities should be made into a Compliance Work Plan.

Next Steps: The Compliance Work Plan should include: the results of the Risk Assessment; a list of the highest priority risk topics; a strategic plan for follow up work; monthly review of the Risk Assessment; add new risk topics as they arise.