Risk Management and the Audit Plan
CIPFA in the Midlands Audit Training Seminar, Wednesday 24th November 2004
Tina Spiers

Presentation transcript:


Introduction
- Background and context
- What is risk management?
- Why is risk management important?
- Birmingham City Council’s approach
- Risk registers
- Mapping to the audit plan
- What’s next?
- Conclusion and questions

Background and context - the CIPFA/SOLACE Framework
- Structures & Processes
- Standards of Conduct
- Service Delivery Arrangements
- Community Focus
- Risk Management and Internal Control

Background and context - CIPFA definition of Internal Audit
Service Delivery Arrangements
Internal Audit is an assurance function that primarily provides an independent and objective opinion to the organisation on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the organisation’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
Source: 2003 Code of Practice for Internal Audit

Background and context
What has BCC done?
- Reviewed existing Corporate Governance arrangements
- Adopted the CIPFA/SOLACE framework
- Prepared and adopted a local Code of Corporate Governance
- Identified the Strategic Director of Resources as Officer “Corporate Governance Champion” and Deputy Leader as Member “Corporate Governance Champion”
- Established a Corporate Governance Action Plan
- Developed the Constitution
- Worked on embedding Risk Management

What is risk management?
Definition: Risk management is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made.
Source: Solace/Zurich Municipal

What is risk management?
It is a tool that can help to prioritise where resources should be targeted. Failure to manage risk effectively may result in financial losses, disruption to services, threats to public health and safety, bad publicity or claims for compensation.
Need to ask:
- What are the barriers to us achieving our targets/plans?
- What are the worst things that could happen to us?
- How likely are they to happen?
- Are sufficient steps being taken to prevent them from happening?

What is risk management?
- RISK IDENTIFICATION
- RISK ANALYSIS
- PRIORITISATION
- RISK MANAGEMENT
- MONITORING

Why is risk management important?
- Need to manage the risks identified, have clear action plans with measurable performance indicators/targets, key dates and responsible officers in place.
- Need to monitor how effective the action plans are at reducing the risk impact/likelihood.
- If not effective a different approach to manage the risk needs to be put in place.

BCC approach to Risk Management
- Risk management strategy approved by Cabinet July 2001, updated in October 2002 and again in
- Risk Champion nominated by each Directorate’s Management Team.
- Initial training provided to Risk Champions and some staff within Birmingham Audit by Zurich.
- Head of Birmingham Audit tasked with leading on risk management - presentations done to Management Teams, facilitation at risk identification workshops.
- Briefings/training provided to Divisional reps.
- Risk management documents updated and distributed - internally and externally.

Risk Registers
- Directorate risk registers produced and top risks per Directorate nominated to form basis of first Corporate Risk Register.
- Corporate risk management group formed - currently consists of Deputy Leader, Strategic Director of Resources, Director of Performance Improvement and the Head of Birmingham Audit.
- Corporate risk register updated.
- Now working to develop Divisional and Service level risk registers. Also applied to projects.
- Corporate Risk Register process has been altered to try to speed up the refresh process and include “issues” as well as risks.

Risk Register
Column groups: Risk / opportunity information; Counter Measures
Columns:
- No.
- Description of Risk / Opportunity and Risk / Opportunity owner
- Inherent Risk (Likelihood / Impact)
- Description of current controls / mitigation in place & date when controls were last reviewed and reported upon
- Residual Risk (Likelihood / Impact)
- Further control proposed, and date for implementation
Row fields (four blank rows): Date: / Risk / Opportunity owner:

Action Plan
- What further action is to be taken to control, modify, transfer or eliminate the residual risk? Who is to take this further action? When will the further action occur?
- What main controls are currently in place? Who is responsible for each main control? What action is being taken relating to each main control? When was the last check of the effectiveness of the main controls in place carried out and who were the results reported to?
- Description of risks that could prevent the objective being met / opportunities that could be missed:
- Target risk Likelihood/Impact
- If residual risk not accepted what approach has been agreed? Control risk / Modify risk / Transfer risk / Eliminate risk
- Consequences if the risk event occurred or the opportunity is missed:
- Residual risk accepted? Y / N
- Residual Risk Likelihood/Impact
- Objective the risk or opportunity is linked to or arises from:
- Inherent Risk Likelihood/Impact
- Risk Register No. & Risk owner:

Mapping to the Audit Plan
Early days yet but we are:
- Using the areas highlighted on the Corporate Risk Register to identify areas for audit review.
- Using Directorate risk registers to inform the audit plan and the focus of work programmes.
- Using risk management approach to help with areas of known vulnerability.
- Auditing the risk management process too!

What’s next?
- We have purchased Magique - a computerised risk management system that integrates with our audit management system (Galileo) and will help to drive the risk based plan.
- Magique is being customised to suit our needs and is being tested.
- We plan to pilot Magique by using it for the Corporate Risk Register and a volunteer Directorate / Division.
- We will use the information from the registers and action plans to identify the key controls to be audited and to highlight where risks are severe but not being managed.

Conclusion and questions
Concluding points:
- Stress that risk management is not new - it is good management practice.
- Link in with business planning and performance management.
- Keep in mind the bigger picture regarding Corporate Governance and Assurance Statements.
- Internal Audit cannot ignore risk management.
Any questions?