Published by Sara Salisbury. Modified over 10 years ago.
1
Governance, Risk Management and Compliance: Summary of Basic Concepts & Program Goals
Bob Kotic
Chief Financial Officer
University of Sydney
2
Questions that need Answers
• What are the greatest risks facing the University?
• How does the University manage them?
• How do we monitor them?
3
Definitions
• Corporate Governance: The systems and processes by which the University is directed, controlled and held to account
• Risk: The potential for an event to occur that could have an effect on the University's objectives or operations
• Risk Management: The culture, processes and structures that are directed to the effective management of potential opportunities and adverse effects
• Compliance: The systems and processes that ensure conformity with business rules, policy and legislation
[Diagram labels: Governance Risk Management Compliance]
4
University's Current Approach to Risk Management
• Silo approach to dealing with risk
• Specific administrative units have responsibility for specific risks
– Hazard (Physical Risk)
– Financial Threats
– Acts of God
[Diagram labels: OHS Staff Development Physical Security Legal Fraud Error Reporting Data Protection Academic Processes Insurance IT Security]
5
[Diagram labels: Faculties Legal Physical Security Staff Development Fraud OHS IP Management Asset Management Data Protection Compliance]
6
Program Goals
• Develop and implement an integrated approach to risk management and compliance and in turn, provide the framework to allow the University to demonstrate appropriate standards of governance.
7
Program Goals cont'd
• Create a culture of risk awareness within the University which will promote the appropriate management of risk and compliance; minimising potential negative events and maximising the ability to seize opportunities.
8
Program Objectives
• Identify major risks inherent in the University's operating environment & review the effectiveness of existing control measures.
• Develop new and more effective tools for monitoring and managing these risks.
• Develop a framework to connect the various disciplines currently managing risk to provide a consistent response to risks.
• Align current activities, policies and procedures with the University's overall strategy and streamline deficient processes.
9
Program Objectives cont'd
• Educate staff in the University's suite of policies, procedures and internal controls.
• Assign responsibilities for projects, activities, controls and compliance where there is no clear leader.
• Define key performance indicators and early warning systems to ensure quick response to risk.
• Provide regular reporting to senior management, Senior Executive Group and the Audit & Risk Management Committee on risk management activities and internal controls.
10
[Diagram labels: Common view of risk Understanding Dependencies Information Decisions, Direction, Controls]
Integrated Approach to Governance, Risk Management & Compliance
Source: Barclays Bank Group Operational Risk
11
Benefits to the University
Improved:
• Management Control & Administration
• Decision Making
• Resource Management
• Ability to meet Strategic Targets
[Diagram labels: Faculties Legal Physical Security Staff Development Fraud OHS IP Management Asset Management Data Protection Compliance Risk Management Controls]
12
Typical Areas of Concern
• Alignment of current policies, procedures and processes
• Strategic Planning
• Contracting/Litigation
• Consistency in Technology
• Consistency in Human Resources
13
Typical Areas of Concern cont'd
• Accountability for Legal Compliance
• Management of assets (including acquisition and disposal)
• Provision of advice/consultancy agreements
• Business Continuity
14
Next Steps
• Identify the top operational risks to the University
– Develop methodology to identify risks
– the initial focus on risks and potential exposures that are currently controlled through central administrative support activities
• Select a risk area and complete full review to pilot an approach
• Prioritise remaining risks
15
Next Steps cont'd
• Review the control measures relating to the administrative and financial processes that are currently in place to determine adequacy
• Determine new procedures and control measures required and subsequent costs
16
[Diagram labels: Academic Support Administrative Support Risks identified & Control Measures developed Colleges College Risk Manager]
17
Outcome
• List of top ten risks within the University
• A risk treatment plan (control measures) by which each risk is managed
• Risk and treatment plan assigned to a department/individual
• Performance measures that risks are reported against
18
Outcome cont'd
• Document as Risk Management Plan
• Communication and Training in new controls, policies and procedures
• Structure within Colleges to assist with implementation
• Set of procedures which can be audited to ensure compliance
19
Questions?