Upload
christine-blankenship
View
213
Download
0
Embed Size (px)
Citation preview
What is Risk Management?Whose responsibility is it in your institution?
Mark Weatherley
What is Risk Management?Whose responsibility is it in your institution?
Am I a Risk Manager?
Risk: What Is It?
The chance that something you don’t want to happen will
Or the likelihood that something you would like to happen doesn’t because you didn’t take the chance
Three main risk categories– Common to all entities– Strategy driven for a particular entity– Industry specific
Risk: Four Choices Available
Transfer risk to another partyDesign and apply appropriate internal
controlsAvoid engaging in the activity Accept risk
What is Risk Management?
Risk management is about :
1. Identifying and assessing key risks
2. Designing and implementing processes by which those risks can be managed
3. Maintaining residual risks at a level acceptable to the Board
Whose Responsibility Is It?
BoardManagementInternal AuditOther specialists
IIA New Definition of the Role of Internal Audit
Internal Audit is an independentindependent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.
It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and corporate governance processes.
Key Attributes of IA
Independent ObjectiveKnowledge of University, its people,
systems and processSkills in risk management, documentation,
evaluation and assessmentProvides services to the Board and
management
IA Skills in Risk Management
Systematic analysis of business process– IA performs organisation-wide risk assessment
involving management• See next slide
– IA prepares an inventory of processes– IA determines audit priorities based on the risk
assessment
McGill UniversityRisk Assessment Overview
Likelihood of Exposure
Con
sequ
ence
Significant
Insignificant
Low High
VP, IST
VP, Academic
Law
LibrariesDentistry
Medicine
VP, D & AR
Agriculture & Environment
VP, A & F
Arts
ContinuingEducation
Engineering
ReligiousStudies
StudentServices
Science
Education
VP, R & Gs
High Risk Moderate Risk Low Risk Core Processes
PrincipalSecretariat
Music
Management
IA Skills in Risk Management (Cont’d)
Objective assessments for process effectiveness– audit projects include:
• Identification of components, deliverables or processes
• Risk assessment of the unit involving management• Definition of audit priorities based on the risk
assessment• Assessment of control design• Tests on control effectiveness
IA Skills in Risk Management (Cont’d)
Independent reporting and assessment of ways to change or improve processes– Audit reports include recommendations to
improve :• Control design
• Control effectiveness
IA Skills in Risk Management (Cont’d)
Ability to spread good practices across the organisation– Design and offer training sessions to
management– Provide useful information through the IA
web site
How IA Helps the Risk Management Process?
Assessment of the adequacy and effectiveness of risk management processes which includes:– Identification of risks– Prioritization of risks– Design of controls– Control effectiveness– Reporting
How IA Helps the Risk Management Process? (Cont’d)
Assessment of residual risksAssessment of other specialist units also
providing assurance and advice– eg
• Health and Safety
• Environment
• Legal Services
• Insurance
How IA Helps the Risk Management Process? (Cont’d)
Consultants to assist the Board and management in the development of documented risk management processes– Risk identification and assessment– Development of policies and procedures on
risk and control– Mechanisms to review the effectiveness of risk
management and internal control
What Internal Audit Does Not Do
Judge the appropriateness of the objectives of the organisation
Judge the Board’s strategies to achieve objectives
Benefits From Effective Risk Management Process
Enhances the ability to achieve the University’s objectives
Defines risk tolerance and acceptance of the Board
Leads to informed decision-makingDirects the effective allocation of
resources and management time
Key Reference Source
Risk Management and the value added by Internal Audit, published by the Institute of Chartered Accountants in England & Wales (ICAEW), www.icaew.co.uk/internalaudit, ISBN 1-84152-038-1