Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management Process in SAIs

Published byJoseph Harrell Modified over 6 years ago

Similar presentations

Presentation on theme: "Risk Management Process in SAIs"— Presentation transcript:

1 Risk Management Process in SAIs
Agenda Item # 9 Progress Report on: Risk Management Process in SAIs Risk Identification Process in the Public Sector SAI of Mexico, WGVBS Secretariat September 6, 2017

2 Background Information
Discussion on risks identification and management 2015 WGVBS meeting, Nanjing, China Key National Risks Main elements SAIs should take into account Internal Functioning Risks

3 Background Information
2015 – Nanjing, China 2016 – Arusha, Tanzania Regarding the roundtable discussion on the importance for SAIs to identify and manage their own risks as well as those of the public sector, the SAI of Mexico will prepare a draft to expound the main elements that SAIs should take into account to identify both (1) key national risks, and (2) its own internal functioning risks. As for the former, the SAI of Mexico will work with the US GAO, and as to the latter, the coordination will be with the National Audit Office of China. Draft versions Risk Management Process in SAIs Risk Identification process in the public sector

4 Relevance of ISSAI 12 Principle 5: “[To make a difference in the lives of citizens, SAIs must] be responsive to changing environments and emerging risks.” SAIs need to be seen as trustworthy SAIs must be perceived as credible, competent, independent, and accountable institutions that lead by example. Implementing an effective risk assessment process within SAIs, including integrity risks, is necessary. Risk self-assessment procedures contribute to reaching institutional goals and objectives

5 (1) Risk Management Process in SAIs Initial conditions to carry out a risk assessment process
Support of top management, within the SAI. Risk identification carried out by experienced staff members of middle management positions to ensure an effective detection of threats and vulnerabilities. Risk identification can be performed by conducting surveys and holding meetings with selected staff. Report to the head of SAI should be prepared accordingly. Workshops with every department so as to enhance risks detection mechanisms (advisable). 1. Setting goals 2. Risk identification 3. Risk classification 4. Risk evaluation 5. Risk prioritization 6. Control Evaluation 7. Risk response 8. Report to the Head

6 (1) Risk Management Process in SAIs Project led by SAI of China and Mexico
Introduction I. Identification of Strategic Goals and Institutional Process II. Risk Identification III. Risk Classification IV - V. Risk Evaluation and Prioritization VI. Evaluation of Existing Controls VII. Risk Response VIII. Reporting to the Head

7 (2) Risk Identification Process in the Public Sector Introduction
Principle Five of ISSAI 12 highlights the value SAIs can provide by identifying the risks facing the public sector. WGVBS could contribute with a framework for SAIs to use in identifying the areas of significant risk that governments face in their programs and operations. cumulative results of work performed on audited entities to identify significant, recurring, and persistent problems within the federal government SAIs are in an ideal position to identify these high risk areas through their broad audit perspective and the analytical disciplines that they routinely apply across government. This work can result in focusing decision makers’ attention on critically important areas of government, enhancing the quality and depth of public debate, and encouraging follow up to ensure that the issues are resolved. Definition of Public Sector Risk Areas Factors affecting Public Sector Risks Approaches used to identify Risk Areas Users of Risk Information Case Studies

8 (2) Risk Identification Process in the Public Sector Project led by US GAO and SAI Mexico
Case studies demonstrate the potential contribution that the systematic identification of high risk areas across government can make to Increasing transparency and accountability Improving the efficiency and effectiveness of government Increasing public understanding of the value and benefits of SAIs.

9 Consultation period within the WGVBS
Following the presentations of the papers regarding the Risk Identification process in the Public Sector, and Risk Management Process in Supreme Audit Institutions, the WG members agreed upon providing comments to the draft version, which will be afterwards enriched by the project coordinators. Austria Bahrain China France Iraq Jamaica New Zealand Peru United Kingdom

10 (1) Risk Management Process in SAIs Feedback
General comments Need to include concrete practical examples (experience and obstacles). Introduction Risk identification and management should be embedded in a SAI’s business process Critical governance element to enhance the SAIs achievements of its outcomes and aid in guarding its reputation Risk Identification View risk at the strategic level by determining the risk to achieving the strategic goals/outcomes/objectives Risk Classification Feedback to amend, rename and merge risks Comments useful to enrich the risks definitions Risk Evaluation and Prioritization Comments to calibrate the scale rate Evaluation of Existing Controls Management of the risks linked directly to the strategic outcome so as to ensure the continued applicability and the relevance of risk is maintained

11 (2) Risk Identification Process in the Public Sector Feedback
Defining Public Sector Risk Areas New (fifth) point: “Deficiencies in the statutory frameworks of the government, such as the constitution, valid laws and regulations, general policies and procedural manuals, etc.“ Adding of the content of "government performance evaluation" in the part of (2)"Inappropriate design and enforcement of laws and regulations". Feedback to enrich the definition of “Risk”, and to clarify criteria Identification of Risk Areas stemming from the audit work Suggested sources of information The identification of cross-sector themes or issues is an important role for SAIs. SAIs are typically well placed to report on such matters, given the role of the SAI as the auditor of all public entities. SAIs should be regularly scanning across the public sector looking for sector wide risks and issues. Such scanning should inform not only what SAIs publicly report, but also should influence the SAIs future work programme. This could rise to future work by the SAI (for example a performance audit in a risk area). Ongoing monitoring of both high risk entities in the public sector and high cross- sectoral issues will ensure that SAIs remain focused on key public sector risks. The regular reporting of such risks will help ensure the government is able to put in place appropriate mitigations for the risks identified. Such risk assessments can be done using judgement (qualitative assessments) or a mixture of the two. General Comments Base for further discussion within the WGVBS Linkage with COSO framework as a tool for risk assessment First step to think about the problems, and to tell the real truth about what SAIs are auditing. Introduction Need to go beyond the traditional approach of auditing. Some new forms of audit methodology could be referred (cross- sectional survey used in special-purpose investigative audit, real-time audit). Clarification required to present the document as a first step towards an ambitious paper. Audit work and discussion across audit teams can identify cross-governmental issues, as well as departmental issues. Need to say that the SAIs seek to identify emerging risks as part of their auditing activities.

12 INTOSAI Strategic Plan 2017-2022
Crosscutting priority 4: “Creating a strategic and agile INTOSAI that is alert to and capable of responding to emerging international opportunities and risks”. INTOSAI faces opportunities that it can seize and organizational risks that must be monitored and managed. Enterprise Risk Management (ERM) is an essential element of good organizational governance and accountability. It is a systematic and organization-wide approach that supports an organization’s achievement of its goals and strategic objectives by identifying, assessing, evaluating, prioritizing, and managing risks to the achievement of those goals and objectives across the organization.  INTOSAI’s Supervisory Committee on Emerging Issues

13 INTOSAI Strategic Plan 2017-2022
One of the illustrative areas where SAIs, subject to their individual mandates and available resources, could contribute to the follow-up and review of the Sustainable Development Goals (SDGs). Review national transparency, risk management, anti-fraud protections, and internal control processes to contribute to corruption prevention efforts consistent with the United Nations Convention Against Corruption.

14 Way forward */INTOSAI Supervisory Committee on Emerging Issues:
Feedback from the INTOSAI Supervisory Committee on Emerging Issues* Guidance on INTOSAI perspective regarding its perspectives on Enterprise Risk Management (ERM) Revised papers Comments from the WGVBS members. WGVBS decision on next steps Discussion to be held on September 7, 2017 (10th WGVBS meeting) */INTOSAI Supervisory Committee on Emerging Issues: Co-operation with other bodies to be alert to emerging issues (global and regional implications), and their different manifestations in different parts of the world. Focus to ensure that INTOSAI’s crosscutting priorities are being consistently and thoroughly integrated in INTOSAI’s various strategies and programs under its strategic goals.

15 Risk Management Process in SAIs
Agenda Item # 9 Progress Report on: Risk Management Process in SAIs Risk Identification Process in the Public Sector SAI of Mexico, WGVBS Secretariat September 6, 2017

Download ppt "Risk Management Process in SAIs"

Similar presentations

SAI Performance Measurement Framework

SAI Performance Measurement Framework
Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.

Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Water Integrity Capacity Building Programme: Outcomes and lessons learned from SADC regions SIWI WGF & CapNet UNDP 29 May 2013- A3.

Water Integrity Capacity Building Programme: Outcomes and lessons learned from SADC regions SIWI WGF & CapNet UNDP 29 May A3.
Examples of Best Practices: Anti- corruption Strategy of the TCA Musa KAYRAK Senior Auditor, CISA.

Examples of Best Practices: Anti- corruption Strategy of the TCA Musa KAYRAK Senior Auditor, CISA.
INTOSAI Compliance Audit Guidelines (ISSAI )

INTOSAI Compliance Audit Guidelines (ISSAI )
Key National Indicators and Supreme Audit Institutions: U.S. and INTOSAI Perspectives Bernice Steinhardt Director, Strategic Issues U.S. Government Accountability.

Key National Indicators and Supreme Audit Institutions: U.S. and INTOSAI Perspectives Bernice Steinhardt Director, Strategic Issues U.S. Government Accountability.
COORDINATED AUDITS IN AFROSAI-E Presented By Josephine Mukomba.

COORDINATED AUDITS IN AFROSAI-E Presented By Josephine Mukomba.
Office of the Auditor General of Canada The State of Program Evaluation in the Canadian Federal Government Glenn Wheeler Director, Results Measurement.

Office of the Auditor General of Canada The State of Program Evaluation in the Canadian Federal Government Glenn Wheeler Director, Results Measurement.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Working Group on Public Debt Progress Report 6th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge Services.

Working Group on Public Debt Progress Report 6th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge Services.
INTOSAI Task Force Global Financial Crisis - Challenges for SAIs and the WGPD Roberto José Domínguez Moro Superior Audit Office of Mexico INTOSAI Working.

INTOSAI Task Force Global Financial Crisis - Challenges for SAIs and the WGPD Roberto José Domínguez Moro Superior Audit Office of Mexico INTOSAI Working.
IAOD Evaluation Section, the Development Agenda (DA) and Development Oriented Activities Julia Flores Marfetan, Senior Evaluator.

IAOD Evaluation Section, the Development Agenda (DA) and Development Oriented Activities Julia Flores Marfetan, Senior Evaluator.
Www.unisdr.org 1 Mid-Term Review of the Hyogo Framework for Action Roadmap to Disaster Risk Reduction in the Americas 2010- 2015 & HFA Mid-Term Review.

1 Mid-Term Review of the Hyogo Framework for Action Roadmap to Disaster Risk Reduction in the Americas & HFA Mid-Term Review.
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.
Working Group on Public Debt Progress Report 7th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge Services.

Working Group on Public Debt Progress Report 7th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge Services.
Page 1 Committee presentation An overview of the external audit process and types of audits 12 May 2010.

Page 1 Committee presentation An overview of the external audit process and types of audits 12 May 2010.
Workshop on Implementing Audit Quality Practices Working Group on Audit Manuals and Methods 15-17 March 2006 Vilnius (Lithuania) Hungarian Experiences.

Workshop on Implementing Audit Quality Practices Working Group on Audit Manuals and Methods March 2006 Vilnius (Lithuania) Hungarian Experiences.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,

A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,

Similar presentations

Ads by Google