LACCD RISK ASSESSMENT
Presented by Arnold Jenner Blanshard, CPA/MBA
Director, Internal Audit Department

AGENDA
1. Welcome
2. Risk Management
   A. Risk Terminology
   B. Risk Management Purpose
3. Risk Framework
   A. Risk Category Definitions
   B. Risk Framework
   C. Risk Assessment Tool
4. Risk Identification Process
   A. Identifying and Assessing Risk
   B. Identifying and Assessing Controls
5. Examples
6. Questions

Course Objective
This course will prepare you to:
• Identify and assess risk in your auditee's environment
• Evaluate controls that are currently in place (if

By the end of this course, you will be able to:
• Describe the purpose of risk management.
• Explain the five risk categories.
• Describe the risk identification process.
• Identify and assess risks and controls in your auditee's department.
• Make recommendations that would set strong controls to mitigate risks identified.

Risk Management is Everyone's Responsibility
• BOD, Exec Mgmt: Tone at the top
• Directors & Senior Managers, Middle Manager, Employees: First line of defense from undue risk
• Board Committees, Executive, Internal Audit, Legal Compliance, Security: Provide ongoing support and independent review of risk management practices.

WHAT IS INTERNAL CONTROL?
In basic terms, internal controls are the daily operating guidelines used by a company. These controls are processes, effected by people at every level (i.e., board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
(1) Operations run effectively and efficiently to achieve performance targets and increase competitive advantage.
(2) Financial reporting is accurate and timely, with sufficient information to support decisions.
(3) Policies and procedures comply with all applicable laws and regulations.

WHAT IS INTERNAL AUDITING?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate, monitor and improve the effectiveness of risk management, control, and governance processes.

WHAT IS THE FUNCTION OF THE INTERNAL AUDITOR?
The internal auditor's work encompasses the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of the organization's performance.

WHO DOES THE INTERNAL AUDIT DEPARTMENT REPORT TO?
The Internal Audit Department reports directly to the CFO/Treasurer, with a dotted line to the Budget & Finance Committee.

WHO IS THE AUDIT COMMITTEE?
The Audit Committee is made of members of the Board of Trustees. The committee is responsible for monitoring management and staff compliance with the Board of Directors' policies and applicable laws and regulations. This is ascertained through the functions of the Internal Audit Department.

Risk Terminology
Risk: the chance of something adverse and unexpected happening that will affect corporate business (policies & procedures) objectives and/or financial performance.

Examples of risk:
1. Car: low oil, no water, won't start, and flat tire.
2. Shopping: not finding what you want; spending a lot of money for something that's not worth that amount.
3. Relationship: you or your partner would cheat; someone will take your partner away from you.
4. Work: the risk that I will not meet that deadline; the risk that I could be late for work.
Control: the action plan (tasks or processes) formulated and implemented to reduce the probability of critical risks occurring and potential damage to the business.

Examples of control:
1. Car: check oil & water weekly; regular service check-up; monthly service check-up of tire.
2. Using the internet to locate items you want to buy; shop more than three stores before making a purchase.
3. Set rules that will diminish any remote idea of cheating; evaluate the type of person before becoming partners.
4. Set your deadline a week ahead of the actual deadline; give yourself 15 minutes earlier as your start time.

Risk Process
Risk Management: Identify, Assess, Control/Monitor

Five Risk Categories:
• Credit
• Operational
• Strategic
• Reputation
• Market

Risk Categories: Credit
Credit risk includes:
1. Default (or failure to perform) by an economic or legal entity with which the company does business.
2. Loss or opportunity cost as a result of the failure of a counterparty or customer to honor its obligations in a timely manner.

Risk Categories: Operational
Operational: Arises from the potential that the company has:
• Inadequate information systems
• Operational problems
• Breaches in internal controls
• Fraud
• An unforeseen catastrophe could result in unexpected financial loss

Risk Categories: Operational (Sub-Category: Description)
• Human Resource Management Risk: The risk that the company is unable to attract, retain and properly train qualified individuals to carry out its strategic plan.
• Vendor Management Risk: The risk that vendors do not provide the service for which they are being paid and hence jeopardize our client relationship for lack of service.
• Custody of Asset Risk: The risk that assets which LACCD holds (or holds at depositories) for the company, in collateral or for its customers, are not properly safeguarded.
• Accounting and Financial Public Disclosure Risk: The risk that accounting and/or financial information is inaccurate, untimely or unsupported by records, exposing the company to potential undisclosed positions or losses.
• Technology Risk: The risk that automated systems do not adequately support the operational and business needs of LACCD (districtwide).
• Physical Security, Natural Hazard and Environmental Risk: The risk that insurance coverages are inadequate to mitigate potential losses in the operational and business activities of LACCD (districtwide). This risk includes the possibility that unseen catastrophes (controllable or uncontrollable) will result in unexpected losses to the company.
• Fraud and Embezzlement Risk (Internal and External): The risk that monies and other instruments/information of value are taken by theft.
• Political/Government Affairs Risk: The risk that changes in legislation or the political environment may disrupt or otherwise negatively affect normal business operation.
• Modeling Risk: The risk that financial models (such as end-user Excel spreadsheets) designed and used by employees are not accurate as to spreadsheet analytics, mathematics and assumptions. These inaccuracies yield faulty results, and hence critical strategic decisions are made based upon these flawed conclusions.
• Loss Payment Exposure/Claims: Current and prospective risk to earnings and/or capital: claims are improperly adjudicated; claim and Incurred But Not Reported (IBNR) reserves are not adequate; reinsurance is not available.
• Compliance/Regulatory/Legal Risk: The risk that arises from violation or non-conformance with laws, rules, and regulations, prescribed practices, ethical standards; the company's policies may be ambiguous.
• Compliance/Regulatory/Legal Risk (cont.): Resulting: unenforceable contracts, lawsuits, adverse judgments can disrupt operation or otherwise negatively affect operations. Exposes the foundation to fines, civil monetary penalties, payment of damages, voiding of contracts, etc.

Risk Categories: Market
Market: The risk that adverse movements in market rates or prices, such as interest rate and competitors' price, could negatively affect the market value of LACCD (districtwide) (assets and/or liabilities).

Risk Categories: Market (Sub-Category: Description)
• Interest Rate Risk: Margin and other profitability exposure due to interest rate fluctuations.
• Price Risk: The company's price sensitivity to market and competitive factors.
• Liquidity Risk: Funding liquidity: Risk that the company is unable to meet contractual obligations as they become due because of an inability to liquidate assets. Market liquidity risk: obtain adequate funding without incurring unacceptable losses.
• Liquidity Risk (cont.): Loss of liquidity can be due to: (A) funding sources and costs, (B) diversity of those sources, and cash flow.

Risk Categories: Reputation
Reputation: Is the potential that negative publicity or public opinion regarding an institution's business practices, whether true or not, will trigger a decline in the customer base, costly litigation or revenue reductions.

Reputation: The risk that poorly designed business strategy and/or inadequate controls surrounding credit, operational and market risks will result in significantly undermining the company's reputation.

Reputation risk covers such stakeholders as:
• Members and potential members
• Regulatory community (Federal and state agencies)
• Vendors
• Providers
• Other entities

Risk Categories
• Operational: Arises from the potential that inadequate information systems, operational problems, breaches in internal control, fraud or an unforeseen catastrophe could result in unexpected financial loss and/or regulatory noncompliance to the company.
• Credit: Is the exposure to actual loss or opportunity losses due to a borrower's or counterparty's failure to perform on its obligations in accordance with agreed terms.
• Strategic: Is the current or prospective risk to earnings and capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment.
• Reputation: Is the potential that negative publicity or public opinion regarding an institution's business practices, whether true or not, will trigger a decline in the customer base, costly litigation or revenue reductions.
• Market: Is the risk that adverse movements in market from competitors could negatively affect the market value of UHP Healthcare assets and/or liabilities.

RISK FRAMEWORK
External influences: Members, Media, Regulators, Competition, Markets, Economic Environment
Risks: Strategic Risk, Credit Risk, Operation Risk, Market Risk, Reputation Risk

EXAMPLE RISK ASSESSMENT TOOL
Risk consequences (vertical axis ↓): High, Considerable, Moderate, Marginal, Low
Risk probability (horizontal axis →): Improbable, Doubtful, Moderate, Possible, Probable
Response labels in the grid: Avoid, Accept, Transfer, Mitigate, No Mitigation Required

IDENTIFYING AND ASSESSING RISKS
Use your policies and procedures to identify each process and then identify the risk associated with that process. Use the sample questions (sample Risk Question.xls) and risk category definitions to help you brainstorm all risks in your department's processes, activities and products.

IDENTIFYING AND ASSESSING CONTROL
Identify all controls for each risk you identify in your business processes, activities and products. Use the tips for evaluating control to assess the quality of total control currently in place.
Tips For Evaluating control summaries.doc
Determine who is responsible for each control (management-level position).

EXAMPLES
sample Risk .xls

QUESTIONS?