
UNIVERSITY OF PENNSYLVANIA
ASSESSING AND MITIGATING BUSINESS RISK USING INTEGRATED INTERNAL CONTROL FRAMEWORK


BUSINESS RISK - WHAT IS IT?
- Threats to achieving an organization’s business objectives

EXAMPLES OF BUSINESS RISK
- Having shortsighted goals
- Processes that are ineffective at achieving progressive goals
- Financial fraud
- Failure to comply with government regulations
- Tarnished reputation

WHY BE CONCERNED ABOUT RISK?
- Fierce competition
- Pressure for increased productivity, responsiveness and responsibility, while reducing costs
- Powerful new technologies
- Increased external scrutiny
- More decentralized accountability

BUSINESS RISK CAN BE CATEGORIZED
- Financial* - protecting monetary funds
- Strategic - goals of the organization
- Operational - processes that operationalize goals
- Compliance - laws and regulations
- Reputational - public image

* The type of business risk that most quickly comes to mind

CURRENT EXAMPLES OF FINANCIAL AND REPUTATIONAL DAMAGE
Public demand for improved control

Institution - Issue - Amount
- University of Minnesota - Misuse of federal grants - $32 mil
- New York University Medical Center - Inflated research grant costs - $15.5 mil
- Duke University - Sexual harassment - $0.5 mil
- University of Chicago - Research fraud and abuse - $650,000
- Johns Hopkins, Harvard (2), Yale - Miscellaneous scientific misconduct
- University of Michigan - Conflict of interest - $100,000 penalty / 1 year probation for chief urologist
- Duke University Medical Center - Human subject protections
- University of Wisconsin-Madison - False statements - $10,000 fine / prison
- Birmingham-Southern College - Gift/development impropriety
- Columbia/HCA - Medicare billing - $745 mil

WHO NEEDS TO BE CONCERNED ABOUT RISK?
- Everyone in the organization
  - Agenda for Excellence: “Upgrade the University’s Internal Controls and Compliance mechanisms” (1)
- Understand your role in identifying and mitigating risk

(1) Source: Agenda for Excellence, Strategic Goal 3, Subgoal 3(b), page S-6

WHAT CAN BE DONE ABOUT RISK?
- Eliminate
- Accept
- Transfer - insure, outsource
- Mitigate

HOW DO YOU MITIGATE RISK?
- Brainstorm ways to reduce or remove the risk
- Research best practices
- Select the best (cost-effective) alternative

WHERE IS RISK FOUND?

INTEGRATED INTERNAL CONTROL FRAMEWORK
Adapted from the Committee of Sponsoring Organizations of the Treadway Commission (COSO), http://www.coso.org/
- CONTROL ENVIRONMENT: tone at the top, infrastructure, compliance; culture: integrity and competence of people
- RISK ASSESSMENT: identify, prioritize, mitigate risks; ongoing; wide participation
- CONTROL ACTIVITIES: processes, procedures, safeguards, access security, authorization
- INFORMATION & COMMUNICATION: runs alongside all of the other components
- MONITORING: throughout

CONTROL ENVIRONMENT: FOUNDATION OF ALL OTHER COMPONENTS
- Established by an institution’s senior management group (President, Provost, EVP, CEO UPHS and Deans): “tone at the top”
- Based on attitudes and practices of those in positions of authority
- Influences the “risk consciousness” of personnel
- An element in establishing an organization’s culture
- People

CONTROL ENVIRONMENT FACTORS
- Integrity and ethical values
- Competence
- Management's philosophy and operating style
- Responsibility, authority and accountability
- Human resource practices and policies

RISK ASSESSMENT: PROCESSES TO IDENTIFY AND ANALYZE BUSINESS RISK
- Managing in a changing environment requires constant assessment of risk
- No practical way exists to reduce risks to zero
- Management must decide how much risk is acceptable
- Methods of managing significant risks must be established

ONGOING RISK ASSESSMENT ACTIVITIES
- Identify external and internal risks to business objectives
- Anticipate worst-case scenarios
- Estimate the probability and impact of each risk
- Establish a proactive, cost-effective plan for managing risks
- Use this process periodically or ad hoc (restructuring, launching new programs)
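The last several slides describe one procedure: estimate each risk's probability and impact, rank the risks, decide how much is acceptable, and then eliminate, accept, transfer or mitigate each one by the most cost-effective alternative. The following is an added worked example of that procedure as a small risk register; it is not code from the presentation or from the University of Pennsylvania. Every risk name, dollar figure, probability and treatment in it is constructed for illustration, and the decision rule (expected loss = probability x impact; choose the alternative with the largest net benefit, accept when nothing pays for itself or the loss is within tolerance) is an assumption that the slides leave to management judgement.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed example: a small risk register scored as the slides describe
# (probability x impact), ranked by expected loss, then given one of the four
# treatments from the "what can be done" slide. All names, figures and
# thresholds are made up for illustration.


@dataclass
class Treatment:
    kind: str                    # "eliminate", "transfer" or "mitigate"
    description: str
    annual_cost: float           # cost of running the control, or premium, per year
    residual_probability: float  # annual likelihood that remains once it is in place


@dataclass
class Risk:
    name: str
    category: str                # strategic / operational / financial / compliance / reputational
    probability: float           # annual likelihood, 0.0 .. 1.0
    impact: float                # worst-case loss in dollars
    treatments: List[Treatment] = field(default_factory=list)

    @property
    def expected_loss(self) -> float:
        return self.probability * self.impact


def net_benefit(risk: Risk, t: Treatment) -> float:
    """Expected loss avoided per year minus what the treatment costs."""
    return (risk.probability - t.residual_probability) * risk.impact - t.annual_cost


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Highest expected loss first: the order in which management should look."""
    return sorted(risks, key=lambda r: r.expected_loss, reverse=True)


def choose_treatment(risk: Risk, tolerance: float) -> Tuple[str, str, float]:
    """Pick the most cost-effective alternative, or accept.

    Returns (treatment kind, rationale, annual cost)."""
    if risk.expected_loss <= tolerance:
        return ("accept", "expected loss within tolerance", 0.0)
    best: Optional[Treatment] = max(
        risk.treatments, key=lambda t: net_benefit(risk, t), default=None
    )
    if best is None or net_benefit(risk, best) <= 0:
        # Nothing pays for itself; the risk is accepted consciously and recorded,
        # not ignored, so management can revisit it.
        return ("accept", "no cost-effective treatment; escalate for management decision", 0.0)
    return (best.kind, best.description, best.annual_cost)


def build_plan(risks: List[Risk], tolerance: float) -> List[dict]:
    """Risk register in priority order with the chosen treatment for each entry."""
    plan = []
    for r in prioritize(risks):
        kind, why, cost = choose_treatment(r, tolerance)
        plan.append({"risk": r.name, "category": r.category,
                     "expected_loss": r.expected_loss,
                     "treatment": kind, "detail": why, "annual_cost": cost})
    return plan


# Constructed register (not real figures).
SAMPLE_REGISTER = [
    Risk("Research grant mischarging", "compliance", 0.10, 5_000_000, [
        Treatment("mitigate", "effort certification plus monthly grant reconciliation", 150_000, 0.02),
    ]),
    Risk("Lab equipment theft", "operational", 0.30, 200_000, [
        Treatment("transfer", "property insurance", 20_000, 0.03),
        Treatment("mitigate", "badge access to labs", 40_000, 0.10),
    ]),
    Risk("Petty cash loss", "financial", 0.50, 2_000, [
        Treatment("mitigate", "dual custody of cash box", 5_000, 0.05),
    ]),
    Risk("Unlicensed software use", "compliance", 0.20, 100_000, [
        Treatment("eliminate", "decommission the tool", 30_000, 0.0),
        Treatment("mitigate", "annual license audit", 8_000, 0.05),
    ]),
    Risk("Reputational harm from data breach", "reputational", 0.05, 3_000_000, [
        Treatment("mitigate", "full security program overhaul", 200_000, 0.01),
    ]),
]

if __name__ == "__main__":
    for row in build_plan(SAMPLE_REGISTER, tolerance=10_000):
        print(f"{row['risk']:<36} {row['category']:<13} "
              f"EL=${row['expected_loss']:>10,.0f}  -> {row['treatment']} ({row['detail']})")
```

The register deliberately contains one risk that no available treatment makes cheaper to control than to carry (the breach scenario at these constructed figures): the point of the "accept" branch is that the decision is written down and escalated, which is what the monitoring slides later rely on, rather than the risk silently dropping off the list.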

CONTROL ACTIVITIES: SPECIFIC POLICIES AND PROCEDURES DESIGNED TO MITIGATE RISK
- Policies establish behavioral guidelines
- Processes and procedures establish how work is to be performed
- Risk control activities need to occur throughout the organization, at all levels and in all functions

TYPES OF CONTROL ACTIVITIES
- Review of reports of operational performance
- Information systems and data processing security
- Segregation of duties (custody, record-keeping, approval/review)
- Annual performance reviews
- Reconciliations
- Limits of authority and access (signatures, ID badges, user IDs, locks)
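Segregation of duties is the control activity on this slide that is easiest to verify mechanically: a role listing exported from a finance or HR system can be scanned for any one person who holds two of custody, record-keeping and approval within the same process. The check below is an added example written for this page, not code from the presentation or from any University of Pennsylvania system. The user names, process names and the assumption that a role report can be flattened into (user, process, duty) rows are all constructed for illustration; the three incompatible duties are the ones the slide lists.

```python
from collections import defaultdict
from itertools import combinations
from typing import Dict, Iterable, List, Set, Tuple

# Added example: scans an access/role listing for segregation-of-duties
# conflicts. The three duties below are the ones the slide names; the user
# and process names are constructed for illustration.

INCOMPATIBLE_DUTIES: Set[str] = {"custody", "record_keeping", "approval"}

Assignment = Tuple[str, str, str]      # (user, process, duty)
Conflict = Tuple[str, str, str, str]   # (user, process, duty_a, duty_b)


def duties_held(assignments: Iterable[Assignment]) -> Dict[Tuple[str, str], Set[str]]:
    """Collapse the listing to the incompatible duties each person holds per process.

    Duties outside the incompatible set (e.g. read-only reporting) are ignored."""
    held: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for user, process, duty in assignments:
        if duty in INCOMPATIBLE_DUTIES:
            held[(user, process)].add(duty)
    return held


def find_sod_conflicts(assignments: Iterable[Assignment]) -> List[Conflict]:
    """Every pair of incompatible duties held by one person within one process.

    Holding, say, approval in payroll and custody in purchasing is not flagged:
    the conflict only exists inside a single transaction cycle."""
    conflicts: List[Conflict] = []
    for (user, process), duties in duties_held(assignments).items():
        for a, b in combinations(sorted(duties), 2):
            conflicts.append((user, process, a, b))
    return sorted(conflicts)


def users_needing_review(assignments: Iterable[Assignment]) -> List[str]:
    """Distinct people whose access should be split or given a compensating review."""
    return sorted({c[0] for c in find_sod_conflicts(assignments)})


# Constructed listing, as if exported from a role report (not real data).
SAMPLE_ASSIGNMENTS: List[Assignment] = [
    ("alice", "purchasing", "approval"),
    ("alice", "purchasing", "record_keeping"),   # approves what she records
    ("bob",   "purchasing", "custody"),
    ("bob",   "purchasing", "reporting"),        # not an incompatible duty
    ("carol", "payroll",    "custody"),
    ("carol", "payroll",    "record_keeping"),
    ("carol", "payroll",    "approval"),         # holds all three
    ("dave",  "payroll",    "approval"),
    ("dave",  "purchasing", "custody"),          # different processes: fine
]

if __name__ == "__main__":
    for user, process, a, b in find_sod_conflicts(SAMPLE_ASSIGNMENTS):
        print(f"{user}: holds both '{a}' and '{b}' in {process}")
    print("review:", ", ".join(users_needing_review(SAMPLE_ASSIGNMENTS)))
```

Run against a real export, the output is a worklist for the "limits of authority and access" bullet on the same slide: each conflict is either removed by reassigning one duty or documented with a compensating control such as an independent reconciliation, which the later monitoring slides then track.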

INFORMATION AND COMMUNICATION
- Information systems must provide data that is:
  - Accurate, reliable and sufficiently detailed
  - Timely, understandable and usable
- Information must be provided to the right people in time to allow an appropriate response
- Communication flow must be:
  - Up and down through the organization
  - Across organizational boundaries

INFORMATION AND COMMUNICATION SYSTEMS
- Information systems should:
  - Allow systematic monitoring of strategic plans
  - Provide operational, financial and compliance-related information
- Communication systems should ensure that:
  - Responsibilities are effectively communicated to all employees
  - Channels exist for suspected improprieties to be reported without fear of retribution
  - Employees’ ideas and suggestions are solicited, acknowledged and considered

MONITORING
- Processes that assess the quality of the institution's performance over time: a feedback loop
- The control environment, risk assessment activities, control activities and information channels should be monitored and periodically evaluated for effectiveness
- Provides early warning signs

ONGOING MONITORING ACTIVITIES
- CE (Control Environment): Culture study
- RA (Risk Assessment): Annual assessment of risks
- CA (Control Activities): Monitoring of performance indicators
- I&C (Information & Communication): Determining emerging information needs
- Objective external reviews

SUMMARY
- Business risk encompasses strategic, operational, financial, compliance and reputational risk
- Everyone is responsible for assessing and mitigating risk

