1 / 19

What is Risk Management? Whose responsibility is it in your institution?

What is Risk Management? Whose responsibility is it in your institution?. Mark Weatherley. What is Risk Management? Whose responsibility is it in your institution?. Am I a Risk Manager?. Risk: What Is It?. The chance that something you don’t want to happen will

deiondre
Download Presentation

What is Risk Management? Whose responsibility is it in your institution?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is Risk Management?Whose responsibility is it in your institution? Mark Weatherley

  2. What is Risk Management?Whose responsibility is it in your institution? • Am I a Risk Manager?

  3. Risk: What Is It? • The chance that something you don’t want to happen will • Or the likelihood that something you would like to happen doesn’t because you didn’t take the chance • Three main risk categories • Common to all entities • Strategy driven for a particular entity • Industry specific

  4. Risk: Four Choices Available • Transfer risk to another party • Design and apply appropriate internal controls • Avoid engaging in the activity • Accept risk

  5. What is Risk Management? • Risk management is about : • Identifying and assessing key risks • Designing and implementing processes by which those risks can be managed • Maintaining residual risks at a level acceptable to the Board

  6. Whose Responsibility Is It? • Board • Management • Internal Audit • Other specialists

  7. IIA New Definition of the Role of Internal Audit • Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. • It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and corporate governance processes.

  8. Key Attributes of IA • Independent • Objective • Knowledge of University, its people, systems and process • Skills in risk management, documentation, evaluation and assessment • Provides services to the Board and management

  9. IA Skills in Risk Management • Systematic analysis of business process • IA performs organisation-wide risk assessment involving management • See next slide • IA prepares an inventory of processes • IA determines audit priorities based on the risk assessment

  10. McGill UniversityRisk Assessment Overview VP, A & F Significant VP, D & AR VP, IST Medicine VP, R & Gs Student Services Management Consequence VP, Academic Education Music Continuing Education Science Engineering Libraries Dentistry Agriculture & Environment Law Arts Secretariat Principal Religious Studies Insignificant Low Likelihood of Exposure High High Risk Moderate Risk Low Risk Core Processes

  11. IA Skills in Risk Management (Cont’d) • Objective assessments for process effectiveness • audit projects include: • Identification of components, deliverables or processes • Risk assessment of the unit involving management • Definition of audit priorities based on the risk assessment • Assessment of control design • Tests on control effectiveness

  12. IA Skills in Risk Management (Cont’d) • Independent reporting and assessment of ways to change or improve processes • Audit reports include recommendations to improve : • Control design • Control effectiveness

  13. IA Skills in Risk Management (Cont’d) • Ability to spread good practices across the organisation • Design and offer training sessions to management • Provide useful information through the IA web site

  14. How IA Helps the Risk Management Process? • Assessment of the adequacy and effectiveness of risk management processes which includes: • Identification of risks • Prioritization of risks • Design of controls • Control effectiveness • Reporting

  15. How IA Helps the Risk Management Process? (Cont’d) • Assessment of residual risks • Assessment of other specialist units also providing assurance and advice • eg • Health and Safety • Environment • Legal Services • Insurance

  16. How IA Helps the Risk Management Process? (Cont’d) • Consultants to assist the Board and management in the development of documented risk management processes • Risk identification and assessment • Development of policies and procedures on risk and control • Mechanisms to review the effectiveness of risk management and internal control

  17. What Internal Audit Does Not Do • Judge the appropriateness of the objectives of the organisation • Judge the Board’s strategies to achieve objectives

  18. Benefits From Effective Risk Management Process • Enhances the ability to achieve the University’s objectives • Defines risk tolerance and acceptance of the Board • Leads to informed decision-making • Directs the effective allocation of resources and management time

  19. Key Reference Source • Risk Management and the value added by Internal Audit, published by the Institute of Chartered Accountants in England & Wales (ICAEW), www.icaew.co.uk/internalaudit, ISBN 1-84152-038-1

More Related