1 / 17

Risk Planning - Drexel University

Rita
Download Presentation

Risk Planning - Drexel University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. 1 Internal Audit and Management Consulting Services

    2. 2

    3. 3 Risk Management Internal Audit – Identifies all auditable activities and relevant risk factors, and assess their significance through an annual risk assessment.

    4. 4 Risk Management

    5. 5 Internal Control Key Concepts Internal control is a process. It is a means to an end, not an end in itself. Internal control is affected by people. It’s not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of organizational objectives.

    6. 6 Risk Assessment The Internal audit plan is designed to meet the objective of providing the most efficient and effective deployment of internal audit resources in a manner that addresses (1) areas of highest relative risk, (2) core business activities of the University, (3) broad coverage across the University and the College of Medicine.

    7. 7 Risk Assessment (continued) Audit Scope – involves assessing the five interrelated components of Internal Control: The control environment, Risk assessments, Control activities, Monitoring activity, and Information and communication

    8. 8 INTEGRATED INTERNAL CONTROL FRAMEWORK

    9. 9 INTEGRATED INTERNAL CONTROL FRAMEWORK

    10. 10 Risk Assessment (continued) Risk Factors utilized in Risk Model: Factors Weighted Risk Dollar/Volume .20 Operational Risk .25 Compliance Risk .10 Nature/Sensitivity of Business .20 Strategic .20 Last Time Audited .05 1.00

    11. 11 Risk Assessment (Criteria) Risk Factor criteria utilized in Risk Model: Dollar/Volume (receive or disburse funds) 1 - < $100,000 2 - $100,001 to $250,000 3 - $250,001 to $500,000 4 - $500,001 to $1,000,000 5 - > $1,000,000 Operational Risk (based on complexity of process) 1 - Simple operation, small process 3 - Moderate operation, medium process 5 - Complex operation, large process

    12. 12 Risk Factors criteria utilized in Risk Model (continued): Compliance Risk (Federal, State, Local Government funds; also includes Federal, State, Local regulations to follow even if no funding is involved) 1 - no regulatory involvement 3 - moderately regulated (and/or $100,00 to $400,000 in funds) 5 - Highly regulated (Government funding > $400,000) Nature/Sensitivity of Business (Student involvement, external relations, governmental, alumni) 1 - No involvement 3 - some involvement 5 - high involvement

    13. 13 Risk Factors criteria utilized in Risk Model (continued): Strategic – Critical to the strategic mission of the University or College of Medicine 1- not critical (no involvement in any of the strategic plan initiatives) 3- indirect involvement 5- directly involved Last Time Audited 1- audited last fiscal year 3- audited within the last 3 years 5- not audited within the last 3 years

    14. 14 Risk Assessment (continued) Develop risk assessment model:

    15. 15 Risk Assessment Update (continued) Range Heat 3.5 – 5.0 High 2.5 – 3.4 Medium 1.0 – 2.4 Low

    16. 16

    17. 17 Develop an Audit Plan that Includes: Board Concerns, Management Needs, Is Risk Based, and Flexible in a Dynamic Environment

More Related