Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci.

Published byColin Allen Pierce Modified over 9 years ago

Similar presentations

Presentation on theme: "Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci."— Presentation transcript:

1 Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune

2 Office of Operations 2009 Fall ConferenceObjectives Complete a basic risk assessment. Complete a basic risk assessment. Set up a system of internal controls to mitigate the risks identified during the assessment. Set up a system of internal controls to mitigate the risks identified during the assessment. Apply internal controls to potentially deter negative events (e.g., fraud, inappropriate procurements, improper payments, etc.). Apply internal controls to potentially deter negative events (e.g., fraud, inappropriate procurements, improper payments, etc.).

3 Office of Operations 2009 Fall ConferenceAgenda Internal Controls Overview Internal Controls Overview Group Exercises : Group Exercises : Global Risk Assessment for Procurement and Accounts Payable departments Global Risk Assessment for Procurement and Accounts Payable departments Identify objectives and risks Identify objectives and risks Design control activities Design control activities Risk Assessment – Program Areas Risk Assessment – Program Areas Rank risks by impact and likelihood assuming there are no controls Rank risks by impact and likelihood assuming there are no controls Rank risks by impact and likelihood given existing controls Rank risks by impact and likelihood given existing controls Attack and Defend Exercises Attack and Defend Exercises

4 Office of Operations 2009 Fall Conference Internal Controls History NYS Governmental Accountability, Audit & Internal Control Act of 1987 NYS Governmental Accountability, Audit & Internal Control Act of 1987 Budget Bulletin 350 Budget Bulletin 350 Committee of Sponsoring Organizations of the Treadway Commission (COSO) Committee of Sponsoring Organizations of the Treadway Commission (COSO)

5 Office of Operations 2009 Fall Conference Internal Control The integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its mission. The integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its mission.

6 Office of Operations 2009 Fall Conference Basic Components Control Environment Control Environment Risk Assessment Risk Assessment Control Activities Control Activities Information & Communication Information & Communication Monitoring Monitoring

7 Office of Operations 2009 Fall Conference Internal Controls Pyramid Control Environment Risk Assessment Control Activities Monitoring Information & Communication

8 Office of Operations 2009 Fall Conference Control Environment Influences all of the decisions and activities of an organization, and on the control consciousness of its people Influences all of the decisions and activities of an organization, and on the control consciousness of its people The Tone at the Top The foundation for all the other components

9 Office of Operations 2009 Fall Conference Risk Assessment Risk Assessment The possibility that an event will occur and adversely affect the achievement of objectives. To evaluate; to examine carefully; to determine or set the value of something.

10 Office of Operations 2009 Fall Conference Control Activities The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals. The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals.

11 Office of Operations 2009 Fall Conference Information & Communication The exchange of information between and among people and organizations.

12 Office of Operations 2009 Fall ConferenceMonitoring The ongoing review of the organization's daily activities and transactions to determine whether controls are effective in ensuring that operations work as intended. The ongoing review of the organization's daily activities and transactions to determine whether controls are effective in ensuring that operations work as intended.

13 Office of Operations 2009 Fall Conference Risk Assessment Risk Assessment The possibility that an event will occur and adversely affect the achievement of objectives. To evaluate; to examine carefully; to determine or set the value of something.

14 Office of Operations 2009 Fall ConferenceProcess 1. 1. What are the objectives? 2. 2. What could go wrong (the Risk)? 3. 3. What’s the likelihood of it occurring? 4. 4. What’s the impact if it happens? 5. 5. Prioritize and respond accordingly.

15 Office of Operations 2009 Fall Conference Risk Assessment Assess each risk in terms of: The likelihood of the negative event. The significance or impact of the event.

16 Office of Operations 2009 Fall Conference Risk Assessment Likelihood Likelihood The probability that an unfavorable event would occur if there were: No internal controls. Existing internal controls. Impact Impact A measure of the magnitude of the effect on an organization if the unfavorable event were to occur

17 Office of Operations 2009 Fall Conference Ask the questions … What obstacles could stand in the way of achieving your objective? What can go wrong? What is the worst thing that could happen? What is the worst thing that has happened?

18 Office of Operations 2009 Fall Conference Ask the questions … Are there new processes? Changed ones? New goals or legislation? Staffing changes? What keeps you awake at night?

19 Office of Operations 2009 Fall Conference Evaluating Risk Judgment Required LOW IMPACT HIGH LOW LIKELIHOODLIKELIHOOD HIGH Area I Least Concern Area III Moderate Concern Area IV Most Concern Area II Minimal Concern

20 Office of Operations 2009 Fall Conference Helpful Hints Change is the one constant. Change is the one constant. A risk assessment is never “done.” A risk assessment is never “done.” Communication and education can make all the difference. Communication and education can make all the difference. The greatest risk is turning a blind eye to the possibility of risk. The greatest risk is turning a blind eye to the possibility of risk. Knowledge is power! Knowledge is power!

21 Office of Operations 2009 Fall Conference Managing Risk Three options: Avoid the risk Avoid the risk Accept it Accept it Prevent it Prevent it

22 Office of Operations 2009 Fall Conference Managing Risk Avoid the risk: Whatever the risky activity is… Don’t do it! Don’t do it! No additional controls are required

23 Office of Operations 2009 Fall Conference Managing Risk Accept the risk: Continue the way you’re going Maintain the Status Quo Maintain the Status Quo No changes, no new controls No changes, no new controls

24 Office of Operations 2009 Fall Conference Managing Risk Prevent or reduce the risk: Actively work to control the risk Actively work to control the risk Change how you operate! Change how you operate! Establish whatever controls are necessary to manage the risk Establish whatever controls are necessary to manage the risk

25 Office of Operations 2009 Fall Conference Control Activities The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals. The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals.

26 Office of Operations 2009 Fall Conference Control Activities Controls can be… Directive: guide an organization toward desired outcome. Directive: guide an organization toward desired outcome. Preventive: deter the occurrence of an undesirable event. Preventive: deter the occurrence of an undesirable event. Detective: identify undesirable events and alert management. Detective: identify undesirable events and alert management.

27 Office of Operations 2009 Fall Conference Commonly Used Control Activities Documentation Documentation Approval and Authorization Approval and Authorization Verification Verification Supervision Supervision Separation of Duties Separation of Duties Safeguarding Assets Safeguarding Assets

28 Office of Operations 2009 Fall Conference Risk & Controls Judgment Required LOW IMPACT HIGH LOW LIKELIHOODLIKELIHOOD HIGH Area I Least Concern Area III Moderate Concern Area IV Most Concern Area II Minimal Concern

29 Office of Operations 2009 Fall Conference Control Activities Cost v. Benefit The cost of the controls shouldn’t be greater than the cost of the potential loss.

30 Office of Operations 2009 Fall ConferenceQuestions

Download ppt "Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci."

Similar presentations

Risk Management Module 3D Canada Bridges Project Management Tools Risk Management - Module 3D 1.

Risk Management Module 3D Canada Bridges Project Management Tools Risk Management - Module 3D 1.
NSAA/NASC JOINT MIDDLE MANAGEMENT CONFERENCE April 10-12, 2006 Presented by: David R. Hancox, CIA, CGFM Co-Author: Government Performance Audit in Action.

NSAA/NASC JOINT MIDDLE MANAGEMENT CONFERENCE April 10-12, 2006 Presented by: David R. Hancox, CIA, CGFM Co-Author: Government Performance Audit in Action.
Presented by YOUR NAME THE DATE

Presented by YOUR NAME THE DATE
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Internal Controls 101 RDML K. Taylor | DHS CFO Brief | 25 JAN 2010 Assistant Commandant For Resources.

Internal Controls 101 RDML K. Taylor | DHS CFO Brief | 25 JAN 2010 Assistant Commandant For Resources.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
2008 Financial Management Institute of Canada – Manitoba Chapter Professional Development Day Presented by: David R. Hancox, CIA, CGFM Co-Author: Government.

2008 Financial Management Institute of Canada – Manitoba Chapter Professional Development Day Presented by: David R. Hancox, CIA, CGFM Co-Author: Government.
Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Contract Monitoring Bernie McHugh & Joe Morrissey.

Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Contract Monitoring Bernie McHugh & Joe Morrissey.
STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER New York State Office of the State Comptroller Thomas P. DiNapoli, Comptroller Office of Operations John.
INTERNAL AUDIT PROCESS Pre-Audit Presentation. OBJECTIVES OF PRESENTATION  Provide a basic understanding of internal audit  Provide a basic awareness.

INTERNAL AUDIT PROCESS Pre-Audit Presentation. OBJECTIVES OF PRESENTATION  Provide a basic understanding of internal audit  Provide a basic awareness.
Internal Control.

Internal Control.
Chapter 10 Section 404 Audits of Internal Control and Control Risk

Chapter 10 Section 404 Audits of Internal Control and Control Risk
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of.

HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Similar presentations

Ads by Google