Building a Better Business Model: Start with a Discussion of Risk. Higher Education Policy Commission, Board of Governors Summit, August 2, 2014.


Importance of Risk Management
- Enterprise Risk Management (ERM)
  - Commonly used by board members in their day job
  - Equally important in your role on the governing board of your institution
- Higher Education Governing boards are more likely to take an “as needed” approach
  - A crisis on your campus, a crisis on someone else’s campus, or an announcement of a reduction in funding
- Without a robust ERM process
  - Institutions may be unprepared to address high-priority risks that may endanger strategic plans and institutional mission.
  - Institutions may be unprepared to accept the risk of a bold initiative

What is ERM
- Identifying risk across the entire enterprise
- Assessing the impact of risk to the operations and mission
- Developing and practicing response or mitigation plans; and
- Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks.
- Two important points
  - Board members should specifically discourage senior leadership from only bringing positive issues forward and invite discussion about difficult, complex or “sacred cow” issues.
  - Risk Management is not an end but a means to the end, with the end being the accomplishment of your Institution’s Mission.

What has the HEPC Done?
- Various issues at more than one Institution
- None or very small Internal audit departments at our Institutions
- Engaged Protiviti to perform an Internal Audit Risk Assessment
  - For this purpose risk is defined as “the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood”.
  - They reviewed risk exposure relating to the organization’s governance, operations and information systems
    - Reliability & integrity of financial & operational information
    - Effectiveness & efficiency of operation & programs
    - Safeguarding of assets; and
    - Compliance with laws, regulations, policies, procedures, & contracts

What has the HEPC Done (cont’d)
- Their process was robust and included interviews of 30+ members of our Institutions’ Administration
- Discussion focused on goals and objectives
  - Key success factors to achieve goals and objectives
  - Risks that would threaten the achievement of goals and objectives
  - Events or risks that would threaten or adversely impact the reputation of the institution
  - Critical systems
  - Planned changes in process, people & systems
- Other areas:
  - Compliance/regulation requirements
  - Decentralized activities
  - Cash management and areas with potential for increased fraud risk
  - Gathering and storing sensitive or non-public information

High Risks Identified
- Construction
  - Absence of documented policies, procedure, controls
  - Risk Type: Operational Financial Reporting
- Regulatory Compliance
  - Absence of compliance departments that facilitate and monitor compliance creates risk of fines, penalties, negative impact on reputation and future grant/other funding
  - Risk Type: Legal & Regulatory/Reputation
- Data Security
  - Lack of policies and procedures related to data security, resulting in increased risk of unauthorized access, resulting in fines, penalties, lawsuits and reputation
  - Risk Type: IT/Reputation

High Risks Identified (cont’d)
- Procurement
  - P-Card issues show the risk of inappropriate use not being detected, resulting in financial loss of the Institutions’ funds.
  - Risk Type: Operational/Financial Reporting
- Travel and Expense
  - Absence of documented policies, procedure, and controls around T&E increases the risk of inappropriate expenditures, resulting in financial loss of the Institutions’ funds.
  - Risk Type: Governance/Operational/Reputation/Financial Reporting

High Risks Identified (cont’d)
- Campus Security
  - Inadequate policies, procedure and controls around campus security, especially related to the Campus Security Dept., put the students & employees at risk and expose the Institutions to reputational and compliance risk
  - Risk Type: Operational/Reputation

Medium Risk Identified
- Financial reporting
- Grant Reporting and Compliance
- Succession Planning
- Endowment Management
- Records Retention

Next Steps
- Protiviti has developed an Internal Audit Plan around the six high risk areas identified
- The purpose of the audits in these risk areas will be to:
  - Determine the level to which the risk is being mitigated
  - Any further action required by the Institution to mitigate the risk to an acceptable level.
- Procedures and policies changed, recommended, deemed appropriate will be shared across the institutions as a way to mitigate the high risk areas identified.
- Who and how the medium risks are audited is yet to be determined.

Best Practices for Boards Re: Risk Management
- Require that management begin the process of developing a Risk Management System
- Acknowledge that the board, its committees and senior management are responsible for overseeing the process
- Understand that Risk Management is a process, not a project. That means it gets incorporated into the ongoing work of the full board and its committees
- Agree to question the “sacred cow” aspects of the institution so they can be assessed and managed
- Get risk assessment and review of the annual work plan of the board and its committees.
- Get away from the “as needed” practice of dealing with risk.