A Global Trend In Local Government
|
|
- Cecilia Rice
- 6 years ago
- Views:
Transcription
1 Enterprise Risk Management A Global Trend In Local Government By James J. Kline and Greg Hutchins
2 Risks prevent an organization from achieving its goals. Organizations benefit when management successfully identifies risks and takes steps to lessen their negative impact, and enterprise risk management (ERM) methodology makes it easier to identify and mitigate risk. ERM integrates well with other management techniques and helps organizations recognize ways to improve service and increase revenue. ERM, which was developed in the private sector, is now being used in the public sector. The U.S. federal government mandates the use of ERM, as do the states of Tennessee and Washington. Local governments in the United Kingdom and South Africa also require ERM. Around the world, many other local governments have an ERM policy, but the United States has been slower to adopt ERM than its global counterparts. This article discusses the core ERM methodology and how local governments around the world are applying it. GLOBAL AND LOCAL REACH A review of local government websites provides a rough assessment of ERM s reach into the public sector (see Exhibit 1). The United Kingdom requires local governments to perform risk assessment, an aspect of ERM, as part of its Best Value practice. Local governments in the United States lag in ERM usage: Of 132 local governments reviewed, only three (2 percent) use some aspect of ERM. The City of Houston, Texas, has an ERM policy, and in Carson City, Nevada, and Modesto, California, ERM studies are underway. Only two states, Exhibit 1: ERM in Local Governments Country Number of Percentage of Websites Reviewed Local Governments with an ERM Policy Australia 77 33% New Zealand 15 33% Canada 79 17% United States 132 2% Tennessee and Washington, require the use of ERM. At the international level, South Africa mandates ERM. In the United States, federal departments were required to implement ERM by October 2017, according to Circular A-123 issued by the Office of Management and Budget (OMB). THE ERM METHODOLOGY ERM integrates well with other management techniques and helps organizations recognize ways to improve service and increase revenue. The OMB has identified three major ERM methodologies: n Orange Book: Management of Risk Principles and Concepts, by the Enterprise Risk Management Initiative (erm.ncsu.edu) n Committee for Sponsoring Organizations of the Treadway Commission (COSO, at coso.org) n International Organization for Standardization (ISO 31000, at iso.org) The United Kingdom uses Orange Book. The private sector uses COSO, and South Africa requires its use. ISO is the international standard that is used by local governments in Australia, Canada, and New Zealand. All three ERM methodologies follow the same basic steps: n Establish Context. Identify stakeholders, risk owners, and the risk-creating elements in the environment. n Identify the Risk. Identify the threats to operational and strategic goals by evaluating available data, interviews, experience, and other inputs. n Assess the Risk. Determine the severity of each risk s impact by asking, How likely is the risk, and what is its potential effect? n Prioritize the Risk. Create a risk register by first listing the risks in order of severity of impact and then prioritizing the risks for potential treatment. n Treat the Risk. Decide how to respond to each prioritized risk: accept, mitigate, share, or transfer. n Monitor. Continually review the risk register to determine if risks must be added or deleted, or if the treatment should be changed. Exhibit 2 shows the relationship between the basic steps of the COSO methodology (listed in the left column) and other December 2017 Government Finance Review 29
3 Exhibit 2: The Relationship between COSO and Other Approaches COSO Process Inputs Types of Approaches Outputs Risk Identification n Strategy and objectives n Data tracking n Risk universe n Risk appetite and acceptable n Interviews variation in performance n Facilitated workshops n Questionnaires/surveys n Process analysis n Leading indicators Assessment n Risk universe n Probabilistic modeling n Risk assessment results n Risk severity measures n Non-probabilistic modeling (sensitivity analysis) n Judgmental evaluation n Benchmarking n Heat map Prioritizing Risk n Prioritized risk assessment results n Judgmental evaluations n Prioritized risk n Prioritization criteria n Quantitative scoring methods assessment results Responding to Risk n Prioritized risk assessment results n Risk profile templates n Develop risk response or pro forma risk profiles n Residual risk n Cost-benefit analysis assessment results Developing a Portfolio View n Residual risk assessment results n Judgmental evaluations n Portfolio view of risk n Quantitative scoring methods Monitoring Performance n Residual risk assessment results n Dashboards n Corrective actions n Performance reports Source: Figure 8.1 COSO June 2016 Public Exposure risk assessment approaches. Many of these techniques will be new to both finance and accounting professionals. ISO s risk assessment manual (ISO 31010) lists 31 similar methods, and seven of these are common quality improvement techniques. Other approaches include environment risk assessment, structured interviews, business impact analysis, and the Consequence-Probability Matrix. THE RISK REGISTER The risk register is a key product of the ERM methodology. It lists the identified risks by severity and provides information that helps the user develop an operational and strategic plan. Exhibit 3 provides an example based on a risk register created by the Eden Municipal District Fire Department of South Africa. The risk register is a key product of the ERM methodology. It lists the identified risks by severity and provides information that helps the user develop an operational and strategic plan. THE MANAGEMENT PROCESS AND ERM The standalone ERM methodology is just one part of the management toolkit. The City of Oshawa, Ontario, provides a good example of how different tools can be used together. Oshawa uses a core service review and a continuous improvement framework, which includes Lean initiatives, internal audits, service reviews, and risk management. Exhibit 4 shows the four continuous improvement framework tools and how they work together, in relationship to the city s strategic direction and the annual departmental budgets. Each tool fulfills a different purpose: n The core service review helps determine which services (and level of services) the city can and should 30 Government Finance Review December 2017
4 Exhibit 3: A Risk Register Risk Type Risk Category Risk Level Cause of Risk (Root Cause) Impact Strategic Skills and Capacity High Shortage of staff Catastrophic Operational Service Delivery High Shortage of funds to attend forums, Catastrophic where best practice models are discussed (internal and external political interference) Strategic Governance High Lack of strategic leadership Catastrophic Operational Governance Extreme Lack of skills development and training Catastrophic Operational Compliance Extreme Lack of internal coordination Catastrophic (shortage of budget, capacity, and tools) Source: Eden Municipal District Fire Department Risk Register, South Africa provide. It includes two categories: mandated/legislated and discretionary. n Lean initiatives are used to continually improve customer service and decrease waste and costs. n Internal audits provide assurance that the city s processes, governance, and risk management are consistent with prescribed practices. They are also used to evaluate specific operations. n Service reviews, which are less formal than Lean initiatives, also seek to increase efficiency, reduce costs, and improve customer service. n Risk management provides a planned and consistent approach to identifying and reducing the impact of risks. Oshawa s Lean initiatives program demonstrates the impact of the continuous improvement framework, improving customer service and operational efficiency. For example, a Exhibit 4: Continuous Improvement Framework Tools in Relationship with a City s Strategic Direction and Annual Budget Strategic Direction There is corporate alignment with the strategic direction found in the Oshawa strategic plan and the financial strategy. Lean Initiatives Processes are streamlined, redundancies eliminated, and new opportunities identified while tapping into front-line knowledge and experience. Service Reviews Attention is given to what services the city provides and how they are provided, while respecting the role of government, public interest, affordability, and value for money. Leadership Competencies Internal Audit The city s auditing firm, in cooperation with city staff, undertakes evidence-based research to ensure efficient and effective service delivery, accountability, and consistent and clear policy direction. Risk Management A clearly defined corporate risk management policy and procedure helps the corporate leadership team and departments proactively identify, assess, and manage risk. Annual Department Business Plans and Budget Process Strategic direction and identified opportunities inform the annual budget process and are implemented by the departments. Source: City Core Service Review and the City s Continuous Improvement Framework, the City of Oshawa, Ontario. December 2017 Government Finance Review 31
5 Exhibit 5: The Impact of the Continuous Improvement Framework Criteria Core Service Review Lean Initiatives Internal Audit Service Reviews Risk Management Frequency Infrequent Ongoing Ongoing Ongoing Ongoing (1 in 10 years) Categorizes High High High High Low Services Engages Low High High High Medium Front-Line Staff Evidence-Based Medium High High High Medium Accountability Medium High High High High Focus on Efficiency Medium High High High High and Effectiveness Focus on Medium High High High Medium Innovation Reduces Risk Low High High High High Exposure Success Rate Low High High High High Source: City of Oshawa Core Service Review and the City s Continuous Improvement Framework finance department project reduced the processing time for contracted waste services payments, and a Human Resources project streamlined the recruitment process. Evaluating and refining the planning applications approval process resulted in shorter approval times and improved customer relations. Annual budgets incorporate these efficiency improvements, and strategic decisions are based on the prioritization. The city completed 32 initiatives between 2014 and 2017, and now has 14 underway and 9 planned. Exhibit 5 shows these activities categorized by operational criteria. Core services review is done once every 10 years, and the other activities are ongoing. All activities, with the exception of risk management, provide a high level of service assessment (i.e., evaluation). Risk management, however, reduces risk exposure and increases success rates, efficiency and effectiveness, and accountability at high levels. COST AND BENEFIT OF ERM Even though ERM is a defined methodology that complements other management practices, cost versus benefit remains a common concern. Below, we will look at two examples of the benefits of risk mitigation. The City of Windsor, Ontario, evaluated the benefits of ERM by forecasting risk events, while the Electric Power Board of Chattanooga, Tennessee, demonstrated the real financial benefits of avoiding risk. City of Windsor. In 2014, the city conducted an ERM cost benefit study after the auditor recommended adopting the methodology. Exhibit 6 shows the aggregate cost breakdown. 32 Government Finance Review December 2017
6 Exhibit 6: Aggregate Breakdown of ERM Cost Benefit Study Estimated Costs One-Time Annual Development Phase Staff Time $51,780 Consulting time for $24,603 training and assistance Operational Phase Staffing, software, etc. $43,347 Total Cost $76,383 $43,347 Source: City of Windsor Cost Benefit Analysis of Enterprise Risk Management The city evaluated the ERM development costs, which included consultant fees and staff time, and determined that cash carryover from the previous year could pay for the consultant costs ($24,603). Because ERM benefitted the whole organization, management approved a shift of staff time ($51,780). Electric Power Board of Chattanooga. The Electric Power Board (EPB) of Chattanooga actually saved money by avoiding risk. EPB upgraded its system after Volkswagen proposed building a plant in the Chattanooga area, but was concerned about frequent power outages caused by tornados. EPB wanted to help ensure the plant s development, so the agency agreed to upgrade to fiber optics and include automated switching to reduce the chances of power outages. Automated switching for one storm in 2012 saved more $1 million in overtime costs. The system upgrade also included automatic meter reading, which provided an annual saving of $1.6 million, and high speed Internet, which significantly increased the revenue stream. By mitigating the risk of power outages caused by tornados, EPB enhanced the efficiency of its system, saved money, and increased revenue. CONCLUSIONS The basic elements of ERM are well defined, although various models exist. ERM integrates well with other management techniques to provide value to an organization. The ERM process of risk identification and mitigation can reduce the adverse impact of risk events and also help identify additional ways to improve service and enhance revenue. y The city evaluated the feasibility of ERM by considering the operational costs and identifying the potential financial consequences of risk events. The operational cost was estimated at $43,347. The cost of risk events fell into three categories: high (more than $500,000), medium ($25,000 to $500,000), and low (less than $25,000). In order for ERM to be beneficial, the city determined that it would have to identify and avoid one high risk every 10 years, one medium risk every five years, and two low risks every year. After comparing actual past risk events to the potential for avoiding risk events with ERM, the city decided to adopt ERM. The standalone ERM methodology is just one part of the management toolkit; different tools can be used together. One city, for example, uses a core service review and a continuous improvement framework, which includes Lean initiatives, internal audits, service reviews, and risk management. JAMES J. KLINE is a senior member of the American Society for Quality, a Six Sigma green belt, a manager of quality/organizational excellence, and a certified enterprise risk manager. He has more than ten years of supervisory and managerial experience in both the public and private sector and has consulted on economic, quality, and workforce development issues for state and local governments. He can be reached at jeffreyk12011@ live.com. GREG HUTCHINS is the chief executive officer of QualityPlusEngineering, a quality and risk consulting firm, and cofounder of the CERMAcademy, which publishes Risk Insights, a risk e-magazine, and provides enterprise risk management training and certification. He has conducted quality and risk studies for Fortune 500 companies, the State of Oregon and the Federal Aviation Administration. He has written a number of books, including Value Added Auditing, ISO: Risk Based Thinking, and ISO 31000: Enterprise Risk Management. He can be reached at gregh@qualityplusengineering.com. December 2017 Government Finance Review 33
MEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework
MEMORANDUM To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 Re: ERM Policy and Framework Executive Summary Attached are the draft Enterprise Risk Management
More informationPractical aspects of determining and applying a risk appetite for SMEs
Practical aspects of determining and applying a risk appetite for SMEs By Tim Timchur acis, Director, ActivePro Consulting Pty Ltd Important to determine appetite for risk before determining what risk
More informationGOV : Enterprise Risk Management Policy
Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management GOV-080-005: Enterprise Risk Management Policy Draft Date: November 2006; January 2012 Revised
More informationEnterprise Risk Management Integrated Framework
ISACA S IT Audit, Information Security & Risk Insights Africa 2014, Alisa Hotel Enterprise Risk Management Integrated Framework Tony Bediako May 20, 2014 Today s organizations are concerned about: Risk
More informationENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework
ENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework ENTERPRISE RISK MANAGEMENT (ERM) ERM Definition The Conceptual Frameworks: CAS and COSO Risk Categories Implementing ERM Why ERM? ERM Maturity
More informationApplying COSO s Enterprise Risk Management Integrated Framework
Applying COSO s Enterprise Risk Management Integrated Framework COSO COSO stands for the Committee Of Sponsoring Organizations of the Treadway Commission. The sponsoring organizations are: Institute of
More informationDepartment of Homeland Security Office of Inspector General
Department of Homeland Security Office of Inspector General Immigration and Customs Enforcement Information Technology Management Progresses But Challenges Remain OIG-10-90 May 2010 Office of Inspector
More informationProcedures for Management of Risk
Procedures for Management of Policy Sponsor: Name of Parent Policy: Policy Contact: Procedure Contact: Vice President Finance and Administration Enterprise Management Policy Vice President Finance and
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY 1. INTRODUCTION Seven West Media Limited (SWM) is the leading, listed national multi-platform media business based in Australia, which exposes the company to a wide range of risks.
More informationUNITED NATIONS JOINT STAFF PENSION FUND. Enterprise-wide Risk Management Policy
UNITED NATIONS JOINT STAFF PENSION FUND Enterprise-wide Risk Management Policy 15 April 2016 Page 1 Table of Contents Page Preface I. Introduction 3 II. Definition 4 III. UNSJFP Enterprise-wide Risk Management
More informationก ก Tools and Techniques for Enterprise Risk Management (ERM)
ก ก Tools and Techniques for Enterprise Risk Management (ERM) COSO ERM ISO ERM 31 2554 10:45 12:15.. 301, 302, 307 ก ก COSO Internal Control ERM Integrated Framework Application Technique ISO 31000 Guide
More informationRISK MANAGEMENT POLICY Dublin & Dun Laoghaire ETB May 2016
RISK MANAGEMENT POLICY Dublin & Dun Laoghaire ETB May 2016 Contents 1. Policy statement 2 2. Purpose 2 3. Scope 2 4. Legislation, codes of practice, standards and guidance 2 5. Objectives 2 6. Definitions
More informationENTERPRISE RISK MANAGEMENT Framework
STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES ENTERPRISE RISK MANAGEMENT Framework January 2018 Ce document est également disponible en français. Notice This document is intended as a reference tool
More informationEnterprise Risk Management Focusing on the Right Risks
2014 CliftonLarsonAllen LLP Enterprise Risk Management Focusing on the Right Risks VGFOA 2015 Fall Conference October 22, 2015 CLAconnect.com Session Objectives 1.Identify factors driving the need for
More informationAFERM Best Practices: Guideposts, Risk Registers and a Maturity Model
AFERM Best Practices: Guideposts, Risk Registers and a Maturity Model G.Edward DeSeve, Senior Advisor September, 2014 Oliver Wyman Introduction Guide Posts- As governments design ERM programs, they must
More informationUnderstanding Enterprise Risk Management: An Overview
Understanding Enterprise Risk Management: An Overview 05/2016 What is Risk? An uncertain event It exists in the future Has a cause and effect Impacts objectives Its effect may be positive and/or negative
More informationLCS International, Inc. PMP Review. Chapter 6 Risk Planning. Presented by David J. Lanners, MBA, PMP
PMP Review Chapter 6 Risk Planning Presented by David J. Lanners, MBA, PMP These slides are intended to be used only in settings where each viewer has an original copy of the Sybex PMP Study Guide book.
More informationENTERPRISE RISK MANAGEMENT (ERM) GOVERNANCE POLICY PEDERNALES ELECTRIC COOPERATIVE, INC.
1. Purpose: 1.1. Pedernales Electric Cooperative ( PEC ) is committed to delivering low-cost, reliable and safe energy solutions for the benefit of our members. In order to improve the likelihood of achieving
More informationProject Management for the Professional Professional Part 3 - Risk Analysis. Michael Bevis, JD CPPO, CPSM, PMP
Project Management for the Professional Professional Part 3 - Risk Analysis Michael Bevis, JD CPPO, CPSM, PMP What is a Risk? A risk is an uncertain event or condition that, if it occurs, has a positive
More informationChapter 6: Analysis of control
Chapter 6: Analysis of control 6.1. Introduction The preceding Chapter dealt with the manner in which the relevant risks are analysed for the functional activities distinguished within the organisational
More informationDraft Guideline. Corporate Governance. Category: Sound Business and Financial Practices. I. Purpose and Scope of the Guideline. Date: November 2017
Draft Guideline Subject: Category: Sound Business and Financial Practices Date: November 2017 I. Purpose and Scope of the Guideline This guideline communicates OSFI s expectations with respect to corporate
More informationRisk Management Policy and Framework
Risk Management Policy and Framework Risk Management Policy Statement ALS recognises that the effective management of risks is a fundamental component of good corporate governance and is vital for the
More informationProject Risk Management. Prof. Dr. Daning Hu Department of Informatics University of Zurich
Project Risk Management Prof. Dr. Daning Hu Department of Informatics University of Zurich Learning Objectives Understand what risk is and the importance of good project risk management Discuss the elements
More informationInternal Audit Report
Internal Audit Report State Infrastructure Bank TxDOT Internal Audit Division Objective To evaluate the State Infrastructure Bank program to determine if objectives are being met and are in compliance
More informationEvery project is risky, meaning there is a chance things won t turn out exactly as planned.
PMBOK 5 Ed. DEI- Every project is risky, meaning there is a chance things won t turn out exactly as planned. percent of runaway projects Did no risk management at all 38 percent did some, and 7 percent
More informationProject Theft Management,
Project Theft Management, by applying best practises of Project Risk Management Philip Rosslee, BEng. PrEng. MBA PMP PMO Projects South Africa PMO Projects Group www.pmo-projects.co.za philip.rosslee@pmo-projects.com
More informationSAFETY MODEL ASSESSMENT
Application No.: Exhibit No.: Witnesses: A.1-0- SCE-01 M. Marelli S. Menon N. Woodward (U -E) SAFETY MODEL ASSESSMENT Before the Public Utilities Commission of the State of California Rosemead, California
More informationBusiness Auditing - Enterprise Risk Management. October, 2018
Business Auditing - Enterprise Risk Management October, 2018 Contents The present document is aimed to: 1 Give an overview of the Risk Management framework 2 Illustrate an ERM model Page 2 What is a risk?
More informationApplying COSO s Enterprise Risk Management Integrated Framework. September 29, 2004
Applying COSO s Enterprise Risk Management Integrated Framework September 29, 2004 Today s organizations are concerned about: Risk Management Governance Control Assurance (and Consulting) ERM Defined:
More informationEnterprise Risk Management Program
Enterprise Risk Management Program David W Sundvall, Risk Manager 3/2/2016 Page 0 of 12 Table of Contents Introduction... 2 Approach... 2 Risk Appetite... 3 Roles and Responsibilities... 3 Process... 4
More informationENERGY MANAGEMENT PLAN ENERGY MANAGEMENT POLICY: ERG-1
Our Commitment Effective energy management begins with the specific, visible expression of commitment by the senior authorities in the Municipality to making the reduction of energy consumption an organizational
More informationThirty-Second Board Meeting Risk Management Policy
Thirty-Second Board Meeting Risk Management Policy 00 Month 2014 Location, Country Page 1 Board Decision THE RISK MANAGEMENT POLICY Purpose: 1. This document, Risk Management Policy (), presents: i) a
More informationSummary Enterprise Risk Management Framework
Summary Enterprise Risk Management Framework Last Updated: September 26, 2016 CONTENTS I. Overview II. III. Risk Management Philosophy General Risk Management Activities Board of Directors Risk Management
More informationRISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA
RISK MANAGEMENT 11.1 Plan Risk Management: The process of DEFINING HOW to conduct risk management activities for a project. In Plan Risk Management, the remaining FIVE risk management processes are PLANNED
More informationINTERNAL AUDIT PLAN OF ACTIVITIES
SDCERA INTERNAL AUDIT PLAN OF ACTIVITIES Fiscal Years 2012-2015 CHRISTINA MCGOUGH, INTERNAL AUDIT MANAGER 12 Table of Contents Executive Summary... 1 Overview... 2 Risk assessment... 2 The audit plan...
More informationFinal Preliminary Survey Report Audit of Budgeting and Forecasting. June 19, Office of Audit and Evaluation
2013-705 Audit of Budgeting and Forecasting June 19, 2014 Office of Audit and Evaluation TABLE OF CONTENTS INTRODUCTION... 1 BACKGROUND... 1 OBJECTIVE, SCOPE AND APPROACH... 3 RISK ASSESSMENT... 4 PRELIMINARY
More informationENTERPRISE RISK MANAGEMENT POLICY FRAMEWORK
ANNEXURE A ENTERPRISE RISK MANAGEMENT POLICY FRAMEWORK CONTENTS 1. Enterprise Risk Management Policy Commitment 3 2. Introduction 4 3. Reporting requirements 5 3.1 Internal reporting processes for risk
More informationUNIVERSITY OF ABERDEEN RISK MANAGEMENT FRAMEWORK
UNIVERSITY OF ABERDEEN RISK MANAGEMENT FRAMEWORK 1 TABLE OF CONTENTS FIGURES AND TABLES... 3 1. INTRODUCTION... 4 2. KEY TERMS AND DEFINITIONS... 5 2.1 Risk... 5 2.2 Risk Management... 5 2.3 Risk Management
More informationCITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY GROUP RISK AND ASSURANCE SERVICES GROUP RISK MANAGEMENT POLICY
CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY Effective Date 1 July 2015 TABLE OF CONTENTS 1. POLICY STATEMENT... 3 2. POLICY CONTEXT... 4 3. PURPOSE... 5 4. POLICY SCOPE AND APPLICATION... 6 5. RISK
More informationEnterprise Risk Management (ERM)
Southeastern Actuaries Conference Enterprise Risk Management (ERM) November 16, 2007 ING. Your future. Made easier. Agenda ERM Are you doing it? Definition of ERM What is it? Industry Overview What is
More informationHow we manage risk. Risk philosophy. Risk policy. Risk framework
How we manage risk Risk management is integral to the daily operations of our businesses. As a multinational group with activities in over 130 countries, Naspers is exposed to a wide range of risks that
More informationGuideline. Earthquake Exposure Sound Practices. I. Purpose and Scope. No: B-9 Date: February 2013
Guideline Subject: No: B-9 Date: February 2013 I. Purpose and Scope Catastrophic losses from exposure to earthquakes may pose a significant threat to the financial wellbeing of many Property & Casualty
More informationPOWERLINE SAFETY FY2014 ACHIEVEMENTS FY2013-FY2015 PLANS
POWERLINE SAFETY FY2011 TO FY2015 GOAL Support Community Powerline Safety Alliance Decrease the number of worker and non-worker powerline contacts from 160 to 113 (based on the five-year rolling average)
More informationAudit Report Internal Financial Controls. GF-OIG March 2015 Geneva, Switzerland
Audit Report Internal Financial Controls GF-OIG-15-005 Table of Contents I. Background... 2 II. Scope and Rating... 3 III. Executive Summary... 4 IV. Findings and agreed actions... 6 V. Table of Agreed
More informationHow Internal Audit Can Help Promote Effective ERM
How Internal Audit Can Help Promote Effective ERM Alan N. Siegfried, MBA, CPA, CIA, CISA, CBA, CRMA, CFSA, CCSA, CITP, CGMA, CSP June 18, 2014 Alan Siegfried Professional Bio Principal and Managing Director,
More information6 th September not protectively marked 1
Establishing Risk Management processes in UK Nuclear New Build - (inc Enterprise Risk Management & Probabilistic Cost & Schedule Risk Analysis processes) 6 th September 2016 not protectively marked 1 Introductions
More informationGovernment Debt Collection
CGI-NASACT_Report_v8 8/4/10 3:49 PM Page 1 Government Debt Collection An Untapped Source for Increased Revenue and Sustained Fiscal Fitness Survey Report and Recommendations Overview State budget shortfalls,
More informationRisk Evaluation, Treatment and Reporting
Chapter 8 Risk Evaluation, Treatment and Reporting In the previous chapter we looked at how risks are identified, described and estimated using a likelihood and consequences matrix. This is an essential
More informationWe appreciate the opportunity to conduct this performance audit and look forward to serving HCPS again in the near future.
September 5, 2018 Mr. Jeff Eakins, Superintendent Hillsborough County Public Schools 901 East Kennedy Boulevard Tampa, Florida 33602 Dear Mr. Eakins: McConnell & Jones LLP (MJ) is pleased to submit our
More informationM_o_R (2011) Foundation EN exam prep questions
M_o_R (2011) Foundation EN exam prep questions 1. It is a responsibility of Senior Team: a) Ensures that appropriate governance and internal controls are in place b) Monitors and acts on escalated risks
More informationExecutive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B
Executive Board Annual Session Rome, 25 28 May 2015 POLICY ISSUES Agenda item 5 For approval ENTERPRISE RISK MANAGEMENT POLICY E Distribution: GENERAL WFP/EB.A/2015/5-B 10 April 2015 ORIGINAL: ENGLISH
More informationBERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework
BERGRIVIER MUNICIPALITY Risk Management Risk Appetite Framework APRIL 2018 1 Document review and approval Revision history Version Author Date reviewed 1 2 3 4 5 This document has been reviewed by Version
More informationAudit of Regional Operations Manitoba Region
Audit of Regional Operations Manitoba Region WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch December 2010 Table of Contents 1.0 Executive Summary 2 Findings 2 Statement of Assurance
More informationFollow-Up on VFM Section 3.05, 2014 Annual Report RECOMMENDATION STATUS OVERVIEW
Chapter 1 Section 1.05 Ministry of Infrastructure (formerly the Ministry of Economic Development, Employment and Infrastructure) Infrastructure Ontario Alternative Financing and Procurement Follow-Up on
More informationProject Selection Risk
Project Selection Risk As explained above, the types of risk addressed by project planning and project execution are primarily cost risks, schedule risks, and risks related to achieving the deliverables
More informationBuilding a Box Around Murphy s s Law. If anything can go wrong, it will.
Building a Box Around Murphy s s Law If anything can go wrong, it will. Copyright Donald W. Bendure 2005 1 Corollaries to Murphy s s Law If there is a possibility of several things going wrong, the one
More informationHSC Business Services Organisation Board
Paper BSO 25/2009 HSC Business Services Organisation Board Risk Management 1. Purpose of this report The purpose of this report is to brief the Board on the BSO Risk Management process. 2. Background HSC
More informationGRINDROD SOUTH AFRICA//Policy Risk and opportunity governance framework
Document number GP24 Revision number 02 Issue date 23 May 2017 Author name Andrew Davies Approval Risk Committee 02 CONTENTS 1 Purpose 04 2 Objective 04 3 Risk and opportunity governance policy 04 4 Governance
More informationRisk Management Policy
Version: 2.0 New or Replacement: Policy number: Document author(s): Replacement ULHT-MD-GOV-RM-PMIMSI Paul White, Risk Manager Contributor(s): Members of the Trust Board & Senior Leadership Team Approved
More informationPRESENTATION TO CLASS 2 CREDIT UNIONS, BY DIRECTORS GLOBAL & BY BPS RESOLVER
1 YOU CAN T MANAGE WHAT YOU CAN T MEASURE Increasingly, boards and senior executives are looking to develop metrics or indicators to help to better monitor potential future shifts in risk conditions or
More informationProject Integration Management
Project Integration Management Describe an overall framework for project integration management as it relates to the other PM knowledge areas and the project life cycle. Explain the strategic planning
More informationStrategic Planning, Forecasting & Budgeting
Strategic Planning, Forecasting & Budgeting Overview Many organisations use budgeting and forecasting as a means of providing and updating tactical operating plans and controlling costs; but world class
More informationProject Risk Management
Project Skills Team FME www.free-management-ebooks.com ISBN 978-1-62620-986-4 Copyright Notice www.free-management-ebooks.com 2014. All Rights Reserved ISBN 978-1-62620-986-4 The material contained within
More informationFiscal Mapping Community of Practice. Session #2 June 22, 2017
Fiscal Mapping Community of Practice Session #2 June 22, 2017 Setting Research Questions Preparing to Collect Data Sample Interview Protocol Goal of Study: Identify and confirm funding information on federal,
More informationAudit of the Accelerated Infrastructure Program 2 Governance Phase 1 and 2
Final Report Audit of the Accelerated Infrastructure Program 2 Governance Phase 1 and 2 October 11, 2016 Office of Audit and Evaluation Table of contents Executive summary... i Introduction... 1 Focus
More informationRisk Management Framework
Risk Management Framework Anglican Church, Diocese of Perth November 2015 Final ( Table of Contents Introduction... 1 Risk Management Policy... 2 Purpose... 2 Policy... 2 Definitions (from AS/NZS ISO 31000:2009)...
More informationOffice of the Auditor General of Canada Performance Audit Yukon Housing Corporation February Implementation Plan
Office of the Auditor General of Canada Performance Audit Yukon Housing Corporation February 2010 Implementation Plan 2010 2013 YUKON HOUSING CORPORATION IMPLEMENTATION PLAN Section #19 Recommendation
More informationRisk Management Policy
Risk Management Policy Version: 3 Board Endorsement: 11 January 2014 Last Review Date: 3 January 2014 Next Review Date: July 2014 Risk Management Policy 1 Table of Contents 1 Introduction... 3 2 Overview...
More informationPolicy Number Functional Field. Governance and Management. Related Policies. Policy of Making University Policies.
Policy Title Risk Management Policy Policy Number -0 Functional Field Related Policies Responsibility of Issuing Office Governance and Management Policy of Making University Policies Risk Management Office
More informationRisk Management Strategy
Risk Management Strategy 2016 2019 Version: 6 Policy Lead/Author & Deputy Director of Quality position: Ward / Department: Nursing Directorate Replacing Document: Version 5 Approving Committee Quality
More informationReview of Climate-Related Disclosures by Canadian Co-operatives and Credit Unions. Report
Review of Climate-Related Disclosures by Canadian Co-operatives and Credit Unions Report October 2017 Contents 1.0 Executive Summary... 3 2.0 Introduction... 3 3.0 Results... 5 3.1 Overall... 5 3.2 Governance...
More informationEnergize Your Enterprise Risk Management
Energize Your Enterprise Risk Management Presented By Mark Caiazzo, CISA, CISM, CRISC Tammy Michaud, CPA May 15, 2017 Reviewed: Agenda Enterprise Risk Management Defined Benefits of ERM Key Components
More informationRisk Management Strategy
Resources Risk Management Strategy Successful organisations are not afraid to take risks; Unsuccessful organisations take risks without understanding them. Issue: Version 3 - November 2011 Group: Resources
More informationWhitman County, Washington
GOVERNMENT FINANCE OFFICERS ASSOCIATION (GFOA) RESEARCH AND CONSULTING CENTER Whitman County, Washington July 2015 Finance and IT Roles and Responsibilities Assessment Table of Contents Whitman County
More informationOwn Motion Inquiry Provision of Credit
Code Compliance Monitoring Committee Own Motion Inquiry Provision of Credit Examining banks compliance with the provision of credit obligations under clause 27 of the Code of Banking Practice January 2017
More informationRISK AND CONTROL ASSESSMENT SCDOT Indirect Cost Recovery
2017 RISK AND CONTROL ASSESSMENT SCDOT Indirect Cost Recovery INTERNAL AUDIT SERVICES SOUTH CAROLINA OFFICE OF THE STATE AUDITOR December 12, 2017 ONTENTS Page 1 Foreword 1 2 Executive Summary 2 3 Internal
More informationPS 152 Corporate Risk Management Policy
PS 152 Corporate Risk Management Policy January 2013 Version 1.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010;
More informationAffecting Capital Planning and Investment Control (CPIC)
The FITARA Effect: How This New Legislation is Affecting Capital Planning and Investment Control (CPIC) Summary As the lens continues to focus in on Information Technology (IT) spending in the federal
More informationPublic Safety Canada. Audit of National Crime Prevention Strategy Program
Public Safety Canada Audit of National Crime Prevention Strategy Program October 2011 Table of Contents 1.0 Executive Summary 3 2.0 Background 8 2.1 Audit Objective 9 2.2 Audit Scope 9 2.3 Approach 10
More informationERM Benchmark Survey Report
ERM Benchmark Survey Report A report on PACICC s fifth ERM benchmarking survey October 2017 2011 2013 2015 2016 2017 Member Survey on ERM Practices A report on PACICC s fifth ERM benchmarking survey October
More informationPublic Works & Infrastructure Committee. Executive Director, Engineering & Construction Services Director, Purchasing & Materials Management Division
STAFF REPORT ACTION REQUIRED Contract Award Request for Proposals No. 9117-14-7110 Professional Engineering Services and Program Management Services for Basement Flooding Protection Program Date: June
More informationChapter 7: Risk. Incorporating risk management. What is risk and risk management?
Chapter 7: Risk Incorporating risk management A key element that agencies must consider and seamlessly integrate into the TAM framework is risk management. Risk is defined as the positive or negative effects
More informationGlobal Enterprise Risk Management in Insurance
Global Enterprise Risk Management in Insurance Caroline Bennet National Leader, Deloitte Actuaries & Consultants Australia Meeting the Challenges of Change 14 th Global Conference of Actuaries 19 th 21
More informationFROM 12 TO 21: OUR WAY FORWARD
FROM 12 TO 21: OUR WAY FORWARD MESSAGE FROM THE BOARD Weldon Cowan, chair of the board of directors The board of directors shares the corporation s excitement about the next phase of the From 12 to 21
More informationProgram Performance Review
Program Performance Review Facilities Maintenance Division of the Public Works and Transportation Department July 21, 2006 Report No. 06-18 Office of the County Auditor Evan A. Lukic, CPA County Auditor
More informationFraud Risk Management
Fraud Risk Management Fraud Risk Assessment Part 2 2017 Association of Certified Fraud Examiners, Inc. Fraud Risk Assessment Frameworks Frameworks are helpful for performing, evaluating, and reporting
More informationCORPORATE RISK 2017 ANNUAL REPORT
CORPORATE RISK 07 ANNUAL REPORT The City of Saskatoon, like all municipal governments, faces many types of risk, including strategic, operational, financial and compliance risks. If not effectively managed,
More informationClassify each risk as a Threat or Opportunity. Most risks will be classified as Threats.
APPENDIX B Risk Register Instructions Risk Identification Get the right people together. Remember the "Magic 10." Project Sponsor Project Manager Project Engineer Customer Representatives Budget Representative
More informationOwn Risk Solvency Assessment (ORSA) Linking Risk Management, Capital Management and Strategic Planning
Own Risk Solvency Assessment (ORSA) Linking Risk Management, Capital Management and Strategic Planning Moderator: David Holland, Risk Director, Ally Insurance SPEAKERS Mary-ellen Coggins, Managing Director,
More informationCORPORATE RISK MANAGEMENT POLICY
11/8/2017 INFORMAÇÃO INTERNA ÍNDICE 1 PURPOSE... 3 2 SCOPE... 3 3 REFERENCES... 3 4 CONCEPTS... 4 5 GUIDELINES... 6 6 RESPONSABILITIES... 8 7 CONTROL INFORMATION... 14 2 INFORMAÇÃO INTERNA 1 PURPOSE The
More informationAnalyze probability and impact. Identify type of risk. Apply mitigation measures. Monitor & Risk Analysis Report. Introduction
Risk Analysis Report Introduction The purpose of this report is to provide an analysis of risks associated with public and private ownership of the Newport Facility under consideration by Ramsey and Washington
More informationFundamentals of Project Risk Management
Fundamentals of Project Risk Management Introduction Change is a reality of projects and their environment. Uncertainty and Risk are two elements of the changing environment and due to their impact on
More informationAn Introductory Presentation for ECU Staff
Risk Management at ECU An Introductory Presentation for ECU Staff Phillip Draber Manager, Risk and Assurance Outcomes By the end of this session you should: Be able to complete and document risk management
More informationHazard Mitigation Planning
Hazard Mitigation Planning Mitigation In order to develop an effective mitigation plan for your facility, residents and staff, one must understand several factors. The first factor is geography. Is your
More informationUsing Tolerable Risk to Drive Asset Management Decision Making
Using Tolerable Risk to Drive Asset Management Decision Making Richmond, Virginia May 12, 2016 1 Principal Asset Management Consultant with GHD and has over 25 years experience in utility management. Nationally
More informationENTERPRISE RISK AND STRATEGIC DECISION MAKING: COMPLEX INTER-RELATIONSHIPS
ENTERPRISE RISK AND STRATEGIC DECISION MAKING: COMPLEX INTER-RELATIONSHIPS By Mark Laycock The views and opinions expressed in this paper are those of the authors and do not necessarily reflect the official
More informationAuditor General of Canada to the House of Commons
2010 Report of the Auditor General of Canada to the House of Commons SPRING Chapter 1 Aging Information Technology Systems Office of the Auditor General of Canada The Spring 2010 Report of the Auditor
More informationDEPOSIT INSURANCE CORPORATION OF ONTARIO BY-LAW NO. 5 STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES
DEPOSIT INSURANCE CORPORATION OF ONTARIO BY-LAW NO. 5 STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES A By-law made under paragraph (g) of subsection 264(1) of the Credit Unions and Caisses Populaires
More informationEnterprise Risk Management & Pools. Scott Moss, MPA, CPCU, ARM-E, ALCM CIS P/C Trust Director
Enterprise Risk Management & Pools Scott Moss, MPA, CPCU, ARM-E, ALCM CIS P/C Trust Director Scott Moss, CIS Property/Casualty Trust Director CIS (Citycounty Insurance Services) Parents: Members: Staff:
More informationManaging Project Risk DHY
Managing Project Risk DHY01 0407 Copyright ESI International April 2007 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or
More information