Food and Consumer Product Safety Authority Ministry of Economic Affairs, Agriculture and Innovation Rob de Heus Chris Hagen Internal Audit Department.

Presentation transcript:

2 Introduction
- Starting point
- Control versus audit
- Definition of risk
- Risks examples
- Risk analysis
- Sources of risk groups
- Risk assessment
- Turning wheels for a risk-based audit approach
- Discussion

3 Starting point
Our suggestion: split up the document into
- risk-based planning of audits
- risk-based planning of controls
Because:
- Planning of controls is part of the first and second lines of defense, while audit is part of the third line of defense.
- The manager is responsible for planning of controls, the auditor for planning of audits.
- Audits aim at the planned and implemented controls.
It's just not the same!

4 Control versus audit (1)
- First line: the first line of the control environment is the business operations, which perform day-to-day risk management activity.
- Second line: oversight functions in the company, such as finance, HR, risk management, set directions, define policy and provide assurance.
- Third line: internal and external audit are the third line of defence, offering independent challenge to the levels of assurance provided by business operations and oversight functions.

5 Control versus audit (2)
- Control: first and second line
- Internal audit: third line

6 Definition of risk
In common parlance people use the term risk for:
- Causes
- Events
- Uncertainties
- Chances
- Impact
- Effects
- Bottlenecks
- Inadequate Controls
Our suggestion: A risk is a threat / hazard / event / uncertainty with an underlying cause which causes an effect (or result). A risk is not the result or effect itself, because this approach does not give starting points for corrective actions. We can only do something about the causes and the events, but we can't control or turn back the effects!

7 Risks (example 1)
[Diagram labels: cause; impact; change; weighing; event; uncertainty; effects/results; continuity/objectives]
Can you think of controls to cope with these issues? Yes / No

8 Risks (example 2): Climbing the Mount Everest
[Diagram labels: broken material; bad dress; bad weather; illness; impact; change; weighing; expedition member falls into the abyss; objective is in danger; there is food left; claims; publicity]
Can you think of controls to cope with these issues? Yes / No

9 Risk analysis
Risk analysis consists of:
- Event identification (what threats / hazards / events / uncertainties can we identify?)
- Risk assessment (probability × impact)
Our suggestion: Risk analysis is crucial for an adequate risk-based audit plan. We can start the RA with a closer look at all kinds of risk sources (next sheets). After identification you can discuss the priority of each identified risk on the basis of impact and probability. This process of risk assessment shouldn't be formalized.

10 Sources of risk groups (1)
- Environmental risks: risks outside the organization; social developments; supervisors; legislation; natural disasters; political developments; suppliers; competition
- Operational risks: risks in the management and control of the organization; lack of risk management; weak control environment; style of leadership; culture; structure of rewards
- Process risks: risks at the process level; inefficient process; insufficiently trained staff; insufficient availability of resources; insufficient quality of the product; surplus of resources/staff
- Financial risks: risks within the business with a financial nature

11 Sources of risk groups (2)
- Information risks: the risk that wrong decisions are taken, e.g. because of insufficient or untimely information (it may concern operational, financial or strategic information); managers get the information needed to steer too late; no progress information about projects; insufficient understanding of political developments to anticipate; information does not meet the need for information; prioritization based on false information; insufficient understanding of customers' needs
- IT risks (include specific risks around IT systems): data integrity; continuity (backup recovery, physical security); privacy
- Integrity subject: risks to the reputation of the organization; socially sensitive decisions; unlawful act; fraud; unauthorized use; communication

12 Risk assessment
[Diagram labels: Broad; Impact; Probability; High priority risks; input for audit plan]

13 Turning wheels for a risk-based audit plan
Our suggestion: After identifying events and assessing the risks we can plan the audits on the basis of 4 dimensions (turning wheels):
- Year 1 / Year 5
- Once / Each year
- Broad / Narrow
- Superficial / Thorough

14 DISCUSSION!