Employment Law Summit
Risk Assessment – Benefits & Pitfalls
Kirsten Hotchkiss, SVP Employment Law & Compliance
Duleep Thomas, SVP – General Auditor
Topics
• Employment Law & Risk Assessment
• Forms of Risk Assessments
• Interdependencies of Risk Assessments
• Risk Assessments at Wyndham Worldwide
  • Global Business Risk Assessment
  • Fraud Risk Assessment
  • Accounting Risk Assessments
  • Compliance Risk Assessments
• Benefits of Risk Assessments
• Limitations, Constraints & Challenges
• Critical Success Factors
• Legal Matters
Employment Law and Risk Assessments
• Introduction
• Basic components of a compliance and ethics program and their similarity to employment law concepts
• COSO Framework
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring, Compliance and Remediation
Forms of Risk Assessments
Risk assessments can take several forms. The following are some of the more common ones:
• GLOBAL BUSINESS RISK ASSESSMENT – focused on business objectives; typically done as part of an overall risk management program
• FRAUD RISK ASSESSMENT – focused on fraud schemes, scenarios and the controls over them; typically performed as part of the overall control assessment program
• FINANCIAL REPORTING RISK ASSESSMENT – focused on controls over financial reporting; performed by auditors as part of the inherent and control risk assessment
• COMPLIANCE RISK ASSESSMENT – focused on compliance with laws and regulations; performed by the Compliance groups as part of an overall compliance effectiveness program
Interdependencies of Risk Assessments
• Cross-dependencies and interdependencies exist among the risks identified in the various risk assessments
• It is important to understand and recognize the significance of these interdependencies
• Risk assessment efforts should be coordinated in order to be efficient and effective
• They should be components of an overall Governance, Risk & Compliance program
Risk Assessments at Wyndham Worldwide
The following is a snapshot of the various risk assessments performed at Wyndham Worldwide:
• Global Business Risk Assessment
  • Collaboratively performed by the Compliance Group and Internal Audit
  • Now owned by senior leadership at business units – periodic updates
• Fraud Risk Assessment
  • Collaboration between Finance, Information Technology and Internal Audit
  • Now owned by business units – linked to SOX control sets
• Financial Reporting Risk Assessment
  • Collaboration between Controllers and Auditors
  • Drives audit strategy
• Compliance Risk Assessment
  • Led by Compliance teams
  • Part of compliance strategy
We will be discussing some of these risk assessments.
Global Business Risk Assessment – Steps Involved
The Global Business Risk Assessment entailed the following steps:
• Buy-in from senior leadership across the enterprise
• Structured interviews
  • Functions/Responsibilities
  • Business Objectives & Initiatives
  • Risks & Controls (rated for significance and likelihood)
  • Monitoring Groups involved
  • Key Performance Indicators
  • Confirmation from interviewees
• Compilation of results
  • Risk Themes – ranking – Composite Risk Profile, by business unit
  • Detailed Risk Narratives
  • Observations by Functional Areas
• Presentation and hand-off to business units
• Presentation to the Audit Committee
• Next steps
  • Recalibration – by business units
  • Periodic updates by business unit
Global Business Risk Assessment - Risk Themes The following 19 risk themes (listed alphabetically) and associated definitions were developed as part of this effort:
Fraud Risk Assessment – Steps Involved
The Fraud Risk Assessment entailed the following steps:
• Initial diagnostics of the various components of the Anti-Fraud Program & Controls
  • Inventory of existing initiatives
  • Evaluation of the effectiveness of current efforts
  • Assessment of coordination between the various current efforts
  • External benchmarking
• Issuance of a refined anti-fraud policy, approved by the Compliance Governance Board
• Conduct of a formal Fraud Risk Assessment
  • Training of constituents
  • Compilation of schemes & scenarios, rated by significance and likelihood
  • Linkage to control activities compiled as part of our SOX program
  • Development of “risk themes” and related taxonomy
• Presentation to the Audit Committee
• Next steps
  • Focus on response strategies; expand on potential schemes and scenarios
  • Periodic updates by business units
Fraud Risk Assessment - Risk Themes The following 10 risk themes (listed alphabetically) and associated definitions were developed as part of this effort:
Compliance Risk Assessment
• A more granular approach to compliance with specific laws, with less focus on financial controls
• Targets specific business process and practice owners
• Targets specific legal risk areas, for example:
  • Foreign Corrupt Practices Act
  • OFAC
  • Wage and Hour
  • EEO/FE Practices
  • Privacy and PCI
Highlights of Risk Assessments
• Global Business Risk Assessment
  • Over 50 key business leaders interviewed across the enterprise
  • Over 400 observations captured
  • 19 themes of risk identified
  • Risk themes plotted on a heat map
  • Basis for management follow-up and the audit plan
  • Will be utilized by business unit management as part of the strategic planning process
• Fraud Risk Assessment
  • Corporate personnel and all business units at key locations participated
  • Risk inventory (schemes and scenarios) compiled at business unit level
  • 10 themes of risk identified
  • Risk themes plotted on a heat map
  • Basis for management follow-up, the audit plan and the SOX scoping process
  • Will be utilized by business management to refine response strategies, as appropriate
Composite Risk Maps – Heat Maps
[Heat map slide: Risk IDs 1 through 19 plotted on HIGH / MEDIUM / LOW axes, each cell annotated with numeric cross-references; the graphic does not survive in text form.]
Benefits of Risk Assessments
• Most effective if managed and executed as part of an overall Governance, Risk & Compliance program
• Ensures engagement of the entire organization in the risk management efforts of the enterprise
• Provides a basis for monitoring the effectiveness of the various controls within the organization
• Several other benefits, including but not limited to:
  • Creates risk awareness
  • Structured risk assessment and aggregation
  • Facilitates prioritization and focus
  • Input for the Strategic Plan
  • Development of the audit plan
  • Linkage to control activities – part of the SOX program
Limitations, Constraints & Challenges
• Breadth of participation – needs more depth in order to develop meaningful action steps
• Depends on the culture of the organization – participants have to be forthcoming
• Currency of the information – manual compilation is tedious and may not yield current information
• First effort may not yield a full and complete inventory of risks – training within the organization
• May not be effective or efficient unless all risk assessment efforts are coordinated
Critical Success Factors
• Buy-in of senior leadership
• Engagement and coordination with other Monitoring Groups
• Automation – currency of information
• Follow-up by key constituents – prioritization through ‘funneling’ of risks
Legal Issues
• Privilege
• Confidentiality
• Risk acceptance vs. non-compliance