
Agenda




  1. Agenda
     • ERM at UTSA
         • Dick Dawson, Executive Director, Audit, Compliance & Risk Services
     • Risk Assessment Process
         • Donna Holmes, Director Institutional Compliance & Risk Services
         • James R. Weaver, Compliance Manager
     • Financial Aid Risks and Monitoring
         • Lisa Blazer, Assistant VP for Student Financial Aid
     • Financial Aid Audit Work Performed
         • Dick Dawson

  2. Enterprise-Wide Risk Management (ERM) & Student Financial Aid
     Dick Dawson

  3. What is ERM?
     Enterprise-Wide Risk Management (ERM) is:
     • a continuous, proactive and systematic process
     • to understand, manage, and communicate risk
     • from an organization-wide perspective

  4. What is a risk?
     • A risk is defined as anything that can prevent the achievement of goals and objectives.
     • To manage risk is to do something that will reduce the probability of occurrence to an acceptable level.

  5. UTSA’s Approach
     • Alignment with strategic initiatives in the President’s Compact
     • Top-down, bottom-up approach, resulting in a more complete assessment
     • Involves all levels of management: buy-in and sustainability

  6. COSO ERM Framework

  7. University Risk Assessment Committee
     • Continually reassesses risks
     • Assesses emerging risks
     • Link between executive management and the operational level

  8. University Risk Management Process (flowchart)
     • Operational Level
         • Department Heads / Process Owners: perform risk assessment of area/process
     • Institutional Compliance and Risk Services facilitates process
     • Institutional Level
         • University Risk Assessment Committee: perform institutional risk assessment based on strategic plan/emerging risks
     • Risk categories shown at each level
         • Non-compliance risks (Strategic, Operational, Reporting & Financial)
         • Compliance risks
     • Vice Presidents
         • Approve risk assessment
         • Ensure appropriate responsible party assigned
         • Review & approve Risk Management Plans
         • Action taken at VP discretion (ICRS available on a consultative basis)
         • Assess whether risks are being mitigated at the operational level
         • Action taken at VP discretion (ICRS available on a consultative basis)
     • Compliance Committee
         • Oversight of Institutional Compliance Program

  9. Compliance vs. Audit
     • Compliance
         • Preventative Controls
         • Proactive assistance
         • Facilitative emphasis
         • Facilitate risk assessments
         • Facilitate development of management plans
         • Assist responsible parties in high risk compliance areas
         • Quality Assurance Reviews
     • Audit
         • Detective Controls
         • Assurance activities
         • Operational audits
         • Financial audits
         • Compliance audits
         • Consulting activities

  10. The ERM Process
     Donna Holmes
     • Ongoing risk assessments at 2 levels:
         • Institutional level: University Risk Assessment Committee (URAC)
         • Department/process level

  11. Institutional Risk Assessments
     • Risk assessments at the institutional level were implemented one year ago with the formation of the University Risk Assessment Committee.
     • The committee has 11 members with representation from each VP area, generally at the Associate or Assistant VP level (chaired by the Executive Director, Audit, Compliance and Risk Services).
     • The committee assesses risks associated with achieving the objectives in UTSA’s Compact with the Chancellor of the UT System.

  12. Areas of the Compact
     • Graduate Studies (financial aid)
     • Undergraduate Studies (financial aid)
     • Campus Life
     • Diversity
     • Research (financial aid)
     • Service Area Investment (financial aid)
     • Quality Service (financial aid)

  13. Risk Assessment Process
     • Identify: brainstorm risks to achieving goals and objectives.
     • Rank: score each risk on a scale of 1-5 for “potential impact” and “probability of occurrence”; the final ranking is based on the combined score.
     • Manage: develop risk management plans to demonstrate how management intends to mitigate high risks to an acceptable level.

  14. Departmental: Financial Aid Risk Assessment
     • Annual risk assessments of Financial Aid have been conducted for the past 4 years.
     • The same risk assessment process is used (identify/rank/manage).

  15. Identifying the Gaps
     • High risks identified at the institutional level can be compared to the department/process level to determine if there are gaps.
     • Financial Aid risks were identified by the URAC, e.g., failure to adequately manage financial aid to ensure adequate resources for students.
     • Our analysis indicated a correlation between the risks identified in the Financial Aid risk assessment and this strategic risk identified by the URAC.

  16. Oversight
     • Risks identified at both levels are provided to the appropriate vice-president(s).
     • Compliance risks: one responsible party and risk management plans are required for high risks identified.
     • Executive Level Compliance Committee provides oversight of compliance risks/issues.
     • Non-compliance risks: left to the discretion of the vice-president; however, Institutional Compliance and Risk Services is available to assist if requested.

  17. Student Financial Aid Risks
     Lisa Blazer
     • UTSA’s Demographics
     • Financial Aid Risks
     • Monitoring Plans

  18. Using ERM for an Audit Plan
     • Executive-level risk assessment gives the Annual Audit Plan its direction
     • Operational-level risk assessments are used for planning individual audits

  19. Risk Assessment Without Controls
     [Risk map. Axes: Impact (H) and Probability w/out Controls (L to H). Risks are plotted in two groups.]
     • Group 1
         • Confidential information is shared
         • Mismanagement of external funds
         • Untimely processing
         • Ineffective communication with internal and external entities
         • Inaccurate or untimely reporting
         • Inability to adapt to changing complex environment
         • Ineffective communication to and from students
         • Inexperienced entry level staff
         • Receiving inaccurate information from other entities
         • BANNER set-up not correct
     • Group 2
         • Mismanagement of financial aid funding
         • Inconsistent professional judgment decisions
         • Inaccurate consumer right to know information
         • Personnel records are not accurate
         • Mismanagement of departmental budget
         • Theft or loss of university property

  20. Risk Assessment With Controls
     [Risk map. Axes: Impact (H) and Probability w/Controls (L to H). Risks are plotted in four labeled groups.]
     • Assurance
         • Inability to adapt to changing environment
         • Ineffective communication to and from students
         • Inexperienced entry level staff
         • Receiving inaccurate information from other entities
         • BANNER set-up not correct
     • Department Mitigates
         • Confidential information is shared
         • Mismanagement of external funds
         • Inaccurate or untimely reporting
         • Untimely processing
         • Ineffective communication with internal and external entities
     • Evaluate Resource Allocation
         • Mismanagement of financial aid funding
         • Inconsistent professional judgment decisions
         • Inaccurate consumer right to know information
     • Evaluate Cumulative Impact
         • Personnel records are not accurate
         • Mismanagement of departmental budget
         • Theft or loss of university property

  21. Questions?
