UNIVERSITY OF PENNSYLVANIA 1 ASSESSING AND MITIGATING BUSINESS RISK USING INTEGRATED INTERNAL CONTROL FRAMEWORK.

Presentation transcript:


Slide 2: BUSINESS RISK - WHAT IS IT?
- Threats to achieving organization’s business objectives

Slide 3: EXAMPLES OF BUSINESS RISK
- Having shortsighted goals
- Processes are ineffective to achieve progressive goals
- Financial fraud
- Failure to comply with government regulations
- Tarnishing reputation

Slide 4: WHY BE CONCERNED ABOUT RISK?
- Fierce competition
- Pressure for increased productivity, responsiveness and responsibility, while reducing costs
- Powerful new technologies
- Increased external scrutiny
- More decentralized accountability

Slide 5: BUSINESS RISK CAN BE CATEGORIZED
- Financial* - protecting monetary funds
- Strategic - goals of the organization
- Operational - processes that operationalize goals
- Compliance - laws and regulations
- Reputational - public image
* - type of business risk that most quickly comes to mind

Slide 6: CURRENT EXAMPLES OF FINANCIAL AND REPUTATIONAL DAMAGE
Public Demand for Improved Control
University of Minnesota Misuse federal grants $32 mil New York University Medical Center Inflated research grant costs $15.5 mil Duke University Sexual harassment $0.5 mil University of Chicago Research fraud and abuse $650,000 Miscellaneous Scientific Misconduct Johns Hopkins Harvard (2) Yale University of Michigan Conflict of Interest $100,000 penalty/1 year probation For Chief Urologist Duke University Medical Center Human Subject Protections University of Wisconsin-Madison False Statements $10,000 Fine/Prison Birmingham-Southern College Gift/Development Impropriety Columbia/HCA $745 mil Medicare billing

Slide 7: WHO NEEDS TO BE CONCERNED ABOUT RISK?
- Everyone in the organization
  – Agenda for Excellence: “Upgrade the University’s Internal Controls and Compliance mechanisms” [1]
- Understand your role in identifying and mitigating risk
[1] Source: Agenda for Excellence, Strategic Goal 3, Subgoal 3(b), page S-6

Slide 8: WHAT CAN BE DONE ABOUT RISK?
- Eliminate
- Accept
- Transfer - insure, outsource
- Mitigate

Slide 9: HOW DO YOU MITIGATE RISK?
- Brainstorm ways to reduce or remove risk
- Research best practices
- Select the best alternative (cost-effective)

Slide 10: WHERE IS RISK FOUND?

Slide 11: INTEGRATED INTERNAL CONTROL FRAMEWORK
Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- CONTROL ENVIRONMENT: tone at the top, infrastructure, compliance; culture: integrity and competence of people
- RISK ASSESSMENT: identify, prioritize, mitigate risks; ongoing; wide participation
- CONTROL ACTIVITIES: processes, procedures, safeguards, access security, authorization
- MONITORING: throughout
- INFORMATION & COMMUNICATION

Slide 12: CONTROL ENVIRONMENT: FOUNDATION OF ALL OTHER COMPONENTS
- Established by an institution’s senior management group (President, Provost, EVP, CEO UPHS and Deans) - “tone at the top”
- Based on attitudes and practices of those in positions of authority
- Influences the “risk consciousness” of personnel
- An element in establishing an organization’s culture
- People

Slide 13: CONTROL ENVIRONMENT FACTORS
- Integrity and ethical values
- Competence
- Management's philosophy and operating style
- Responsibility, authority and accountability
- Human resource practices and policies

Slide 14: RISK ASSESSMENT: PROCESSES TO IDENTIFY AND ANALYZE BUSINESS RISK
- Managing in a changing environment requires a constant assessment of risk
- No practical way exists to reduce risks to zero
- Management must decide how much risk is acceptable
- Methods of managing significant risks must be established

Slide 15: ONGOING RISK ASSESSMENT ACTIVITIES
- Identify external and internal risks to business objectives
- Anticipate worst case scenarios
- Estimate the probability and impact of each risk
- Establish a proactive, cost-effective plan for managing risks
- Use this process periodically or ad hoc (restructuring, launching new programs)

Slide 16: CONTROL ACTIVITIES: SPECIFIC POLICIES AND PROCEDURES DESIGNED TO MITIGATE RISK
- Policies establish behavioral guidelines
- Processes and procedures establish how work is to be performed
- Risk control activities need to occur throughout the organization at all levels and in all functions

Slide 17: TYPES OF CONTROL ACTIVITIES
- Review reports of operational performance
- Information systems and data processing security
- Segregation of duties (custody, record-keeping, approval/review)
- Annual performance reviews
- Reconciliations
- Limits of authority and access (signatures, ID badges, user IDs, locks)

Slide 18: INFORMATION AND COMMUNICATION
- Information systems must provide data that is:
  – Accurate, reliable and sufficiently detailed
  – Timely, understandable and useable
- Information must be provided to the right people in time to allow appropriate response
- Communication flow must be:
  – Up and down through the organization
  – Across organizational boundaries

Slide 19: INFORMATION AND COMMUNICATION SYSTEMS
- Information systems should:
  – Allow systematic monitoring of strategic plans
  – Provide operational, financial and compliance-related information
- Communication systems should ensure:
  – Responsibilities are effectively communicated to all employees
  – Channels exist for suspected improprieties to be reported without fear of retribution
  – Employees’ ideas and suggestions are solicited, acknowledged and considered

Slide 20: MONITORING
- Processes assessing quality of institution's performance over time - feedback loop
- Control environment, risk assessment activities, control activities, and information channels should be monitored and periodically evaluated for effectiveness
- Provides early warning signs

Slide 21: ONGOING MONITORING ACTIVITIES
- CE: Culture study
- RA: Annual assessment of risks
- CA: Monitoring of performance indicators
- I&C: Determining emerging information needs
- Objective external reviews

Slide 22: SUMMARY
- Business risk encompasses strategic, operational, financial, compliance, reputational risk
- Everyone is responsible to assess and mitigate risk