Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.


Audits & Assessments: What are the Differences and How Do We Learn from the Results?
Brown Bag, March 12, 2009
Sal Rubano – Director, Office of the Vice President and General Counsel, Enterprise Risk Management
Tammy Raccio – Associate Director, Audit Department
Julia Janowick – Deputy University Research Compliance Officer, Office of Research Administration,

Agenda
- Terminology and principles
- Common objectives
- Enterprise risk management
- Audits
- Assessments
- Q&A

Terminology and principles
- Risk: the potential for a scenario in which an individual or situation fails to adhere to a regulation, policy or procedure that applies to the activity in which they are engaged, and/or the failure of an internal control to prevent non-adherence to a regulation, policy or procedure
- Risk is generally measured by likelihood and impact:
  – How likely is it that the risk will occur?
  – What is the impact if the risk does occur?
- How do we handle risks once identified and measured?
  – Accept
  – Manage
  – Transfer
  – Eliminate
- Internal Controls: policies and procedures for preventing and detecting the failure of adherence to a regulation, policy or procedure

Common objectives of audits, enterprise risk management & assessments
- Protect the University and University community from liability and risk
- Enable management to act proactively and avoid “unwanted surprises”
- Identify and correct non-compliance
- Identify gaps in process and understanding in order to determine:
  – What policies and procedures need to be clarified and/or created?
  – Where are there opportunities for increased training and education?

Enterprise Risk Management (ERM)
What is ERM?
- Process of planning, organizing, leading, and controlling the activities of the University in order to minimize the effects of risk to its operations.
- Expands risk management beyond the traditional concept of insurable risks associated with accidental losses to include reputation, health & safety, operational, compliance, financial and other risks.
- Views the University’s operations as a portfolio of activities with attendant risks.
- Focuses on identifying and managing University risks in a proactive and anticipatory manner.

Enterprise risk management goals
- Foster a risk-aware culture
- Anticipate institutional risks
- Escalate major institutional risks
- Develop information and provide recommendations to Officers in prioritizing risk areas for special attention and resources
- Report status of institutional risks to Trustees

Enterprise risk management focus

Enterprise risk management outcomes
- Most important risk exposures to the University are identified and addressed proactively
- Risk awareness is embedded into day-to-day business decisions

Internal Audit Department’s Risk Based Auditing
- Analyzes financial data to identify high risk areas or high risk transaction types
  – Identify specific period of review
  – Identify greatest areas of exposure
  – Determine areas deserving a specific risk review

Internal Audit Department’s Risk Based Auditing
- Assess the internal controls utilized to reduce risks to an acceptable level or eliminate risks altogether
- Document internal controls employed to obtain reasonable assurance that goals and objectives can be met for areas identified as high risk
  – Through various methods (inquiry, observation, review), document the processes in place to achieve an effective control environment
  – Sample transactions to verify documented internal controls are working properly

Internal Audit Department’s Risk Based Auditing
- Auditors evaluate internal controls related to high risk areas
- Examples of internal controls (proactive and detective controls) include:
  – Creation of an environment of control awareness
  – Separation of duties
  – Authorizations/approval
  – Reviews
  – Reconciliations
  – Monitoring
  – Asset security
  – Information and communication

Internal Audit Department’s Risk Based Auditing
Not designed to:
- Detect fraud or collusion
- Find transactions not in compliance with policies and procedures
- Increase technical competence
- Assess staffing
Any one of these may happen in our audits; however, our audits are not designed to find or test for these. We are not the transaction police, but governance partners with management!

Research compliance assessments
What is a research compliance assessment?
A review of a particular process or work area to determine conformance with federal regulations and University policies and procedures related to research
  – What are the applicable requirements? What should we be doing?
  – What is our practice? What are we actually doing?
  – Where are there gaps between requirements and practice? Is there a disconnect between what we should be doing and what we are doing?
  – Where are there opportunities for improvement? What strategies can we develop to close any gaps between requirements and practice and ensure compliance?

Research assessment goals
- Identification and measurement of risks
  – Take a proactive approach to identifying and managing research compliance risks
  – Identify, classify, quantify and prioritize risks
- Elimination or management of risks
  – Identify and correct non-compliance
  – Make recommendations for process improvements which will minimize liability and risk
  – Partner with the research community in innovative and effective ways to minimize and manage risks
  – Better identify and target the most useful and effective training and education

Research assessment focus

Research assessment process
- Discussions and interviews with process owners
- Process reviews
- Information and data review

Research assessment outcomes
Identification, prioritization and elimination or management of real and potential research compliance risks
  – Enhance and clarify existing policies, procedures and guidance and/or create new policies, procedures and guidance to address non-compliance, operational deficiencies and/or gaps in knowledge and understanding
  – Recommendations for process improvements
  – Identify and target necessary training and education
  – Correct non-compliance
  – Develop self-assessment tools for process owners to regularly assess their own activities

Recap: commonalities and differences in our general processes

                                                        ERM   Audits   Assessments
Identification of risks and risk management strategies   √      √          √
Discussions with process owners                          √      √          √
Escalation of key risk issues                            √      √          √
Process reviews                                                 √          √
Information and data review                                     √          √
Transaction sampling                                            √
Fiscal focus                                                    √
Research compliance focus                                                  √

Conclusion: we are all in this together!
Our offices work together, complementing each other’s methods to mitigate risks to the University
  – We meet regularly to:
    - Share ideas and information
    - Avoid duplication of effort
    - Cover more ground

You too can help with identification of risks – “if you see something, say something!”

Questions?