Organization Audit, Risk and Compliance (ARC) Working Session November 21, 2017

MEMORANDUM OF UNDERSTANDING (MOU) & OTHER CONTRACTS/AGREEMENTS Reporting Framework (using existing information and reports you already have) ARC Policy Group Brings Policies forward for review and approval AUDIT RESULTS & MANAGEMENT RESPONSES ERM & EH&S report on Cost of Risk, Complex Claims, Trends MEMORANDUM OF UNDERSTANDING (MOU) & OTHER CONTRACTS/AGREEMENTS Financial report on significant budget risks and presentation of financial statements STRATEGIC PLAN - KPI monitoring Key Stakeholders with KPIs that are not met present at ARC Meeting Legal, Investigations and Whistle Blower matters and trends Risk Registry Key Stakeholders report in on mitigation efforts on top Residual Risks SERMP IT Security Management Program present dashboard on progress Semiannual Semiannual Monthly Quarterly Monthly TRACK – Implementing Core KPIs for Quarterly Tracking Provide A&F Cabinet members with an opportunity to highlight core set of key performance measures (KPIs) that will be showcased in the 2015-16 LRAP quarterly reviews, and present baseline and target metrics. Review and agree on strategy to monitor full set of balanced scorecard KPIs for departments Bimonthly Annual/Monthly Bimonthly Quarterly

Enterprise Risk Management Let’s Understand Risk Enterprise Risk Management ?

Possible NEXT STEPS December - ARC Charter Document available for review January  - First ARC meeting wherein Audit, Risk Management, and Compliance issues and findings are presented (these will be issues that have arisen through the routine processes already in place) February - March – Development of Risk Assessment and Risk Registry that is aligned with Strategic Plan and KPIs based on review of existing documents, data, and input from ARC Members and others June – presentation of Risk Registry to ARC Committee and 2nd report in on routine audit, risk and compliance issues and findings July – December ARC activities to be developed based on Risk reports