Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management and the Audit Plan abc CIPFA in the Midlands Audit Training Seminar Wednesday 24th November 2004 Tina Spiers.

Published byMilo Watts Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk Management and the Audit Plan abc CIPFA in the Midlands Audit Training Seminar Wednesday 24th November 2004 Tina Spiers."— Presentation transcript:

1 Risk Management and the Audit Plan abc CIPFA in the Midlands Audit Training Seminar Wednesday 24th November 2004 Tina Spiers

2 Introduction Background and context What is risk management? Why is risk management important? Birmingham City Council’s approach Risk registers Mapping to the audit plan What’s next? Conclusion and questions abc

3 Background and context - the CIPFA/SOLACE Framework Structures & Processes Standards of Conduct Service Delivery Arrangements Community Focus Risk Management and Internal Control abc

4 Background and context - CIPFA definition of Internal Audit Service Delivery Arrangements abc Internal Audit is an assurance function that primarily provides an independent and objective opinion to the organisation on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the organisation’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. Source: 2003 Code of Practice for Internal Audit

5 Background and context What has BCC done? Reviewed existing Corporate Governance arrangements Adopted the CIPFA/SOLACE framework Prepared and adopted a local Code of Corporate Governance Identified the Strategic Director of Resources as Officer “Corporate Governance Champion” and Deputy Leader as Member “Corporate Governance Champion” Established a Corporate Governance Action Plan Developed the Constitution Worked on embedding Risk Management abc

6 What is risk management? Definition: Risk management is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made Source: Solace/Zurich Municipal abc

7 What is risk management? It is a tool that can help to prioritise where resources should be targeted. Failure to manage risk effectively may result in financial losses, disruption to services, threats to public health and safety, bad publicity or claims for compensation. Need to ask: What are the barriers to us achieving our targets/plans? What are the worse things that could happen to us? How likely are they to happen? Are sufficient steps being taken to prevent them from happening? abc

8 What is risk management? RISK IDENTIFICATION RISK ANALYSIS PRIORITISATION RISK MANAGEMENT MONITORING abc

9 Why is risk management important? Need to manage the risks identified, have clear action plans with measurable performance indicators/targets, key dates and responsible officers in place. Need to monitor how effective the action plans are at reducing the risk impact/likelihood. If not effective a different approach to manage the risk needs to be put in place. abc

10 BCC approach to Risk Management Risk management strategy approved by Cabinet July 2001, updated in October 2002 and again in 2004. Risk Champion nominated by each Directorate’s Management Team. Initial training provided to Risk Champions and some staff within Birmingham Audit by Zurich. Head of Birmingham Audit tasked with leading on risk management - presentations done to Management Teams, facilitation at risk identification workshops. Briefings/training provided to Divisional reps. Risk management documents updated and distributed - internally and externally. abc

11 Risk Registers Directorate risk registers produced and top 10 - 15 risks per Directorate nominated to form basis of first Corporate Risk Register. Corporate risk management group formed - currently consists of Deputy Leader, Strategic Director of Resources, Director of Performance Improvement and the Head of Birmingham Audit. Corporate risk register updated. Now working to develop Divisional and Service level risk registers. Also applied to projects. Corporate Risk Register process has been altered to try to speed up the refresh process and include “issues” as well as risks. abc

12 Risk Register abc Date: Risk / Opportunity owner: Date: Risk / Opportunity owner: Date: Risk / Opportunity owner: Date: Risk / Opportunity owner: Further control proposed, an date for implementation Residual Risk (Likelihood Impact) Description of current controls /mitigation in place & date when controls were last reviewed and reported upon Inherent Risk (Likelihood/ Impact) Description of Risk / Opportunity and Risk / Opportunity owner No. Counter MeasuresRisk / opportunity information

13 Action Plan abc What further action is to be taken to control, modify, transfer or eliminate the residual risk? Who is to take this further action? When will the further action occur? What main controls are currently in place? Who is responsible for each main control? What action is being taken relating to each main control? When was the last check of the effectiveness of the main controls in place carried out and who were the results reported to? Description of risks that could prevent the objective being met/ opportunities that could be missed: Target risk Likelihood/Impact If residual risk not accepted what approach has been agreed? Control risk Modify risk Transfer risk Eliminate risk Consequences if the risk event occurred or the opportunity is missed: Residual risk accepted? Y / N Residual Risk Likelihood/Impact Objective the risk or opportunity is linked to or arises from: Inherent Risk Likelihood/Impact Risk Register No. & Risk owner:

14 Mapping to the Audit Plan Early days yet but we are: Using the areas highlighted on the Corporate Risk Register to identify areas for audit review. Using Directorate risk registers to inform the audit plan and the focus of work programmes Using risk management approach to help with areas of known vulnerability. Auditing the risk management process too! abc

15 What’s next? We have purchased Magique - a computerised risk management system that integrates with our audit management system (Galileo) and will help to drive the risk based plan. Magique is being customised to suit our needs and is being tested. We plan to pilot Magique by using it for the Corporate Risk Register and a volunteer Directorate / Division. We will use the information from the registers and action plans to identify the key controls to be audited and to highlight where risks are severe but not being managed. abc

16 Conclusion and questions Concluding points: Stress that risk management is not new - it is good management practice. Link in with business planning and performance management. Keep in mind the bigger picture regarding Corporate Governance and Assurance Statements. Internal Audit cannot ignore risk management. Any questions? abc

Download ppt "Risk Management and the Audit Plan abc CIPFA in the Midlands Audit Training Seminar Wednesday 24th November 2004 Tina Spiers."

Similar presentations

Project Quality Plans Gillian Sandilands Director of Quality

Project Quality Plans Gillian Sandilands Director of Quality
1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.

1 of 21 Information Strategy Developing an Information Strategy © FAO 2005 IMARK Investing in Information for Development Information Strategy Developing.
A Joint Code of Practice Objectives and Summary Presentation

A Joint Code of Practice Objectives and Summary Presentation
The Department of Energy Enterprise Risk Management Model

The Department of Energy Enterprise Risk Management Model
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Managing Risk: A Framework and Reporting Cycle 2014.

Managing Risk: A Framework and Reporting Cycle 2014.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
Calderdale Children & Young Peoples Service

Calderdale Children & Young Peoples Service
© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working: Follow Up Review Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working: Follow Up Review Vale of Glamorgan Council Final Report- November 2009.
Child Safeguarding Standards

Child Safeguarding Standards
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Introduction to Risk Management 26 September 2014 Peter Fowler CPPD.

Introduction to Risk Management 26 September 2014 Peter Fowler CPPD.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
ENVIRONMENTAL MANAGEMENT PLAN

ENVIRONMENTAL MANAGEMENT PLAN
Risk based internal auditing – an introduction Slides of figures and appendices ©David M Griffiths www.internalaudit.biz.

Risk based internal auditing – an introduction Slides of figures and appendices ©David M Griffiths
Financial Management and Control Arrangements in Practice Monika Kos, Ministry of Finance, the Republic of Poland.

Financial Management and Control Arrangements in Practice Monika Kos, Ministry of Finance, the Republic of Poland.
Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.

Benefits for using a standardised risk management framework to risk assess Infection Prevention and Control Sue Greig Senior Project Officer National.
HDA’s revised strategic direction and Annual Performance Plan 2013/14 March 2013.

HDA’s revised strategic direction and Annual Performance Plan 2013/14 March 2013.

Similar presentations

Ads by Google