180 likes | 348 Views
L’Arche Canada’s Audit and Risk Management Plan Presented by: Bernard L’Abbé 2013 General Assembly. Summary of presentation. Why has l’Arche Canada chosen to develop an ARMP? What is a risk ? Examples of major risks What is risk management?
E N D
L’Arche Canada’s Audit and RiskManagement Plan Presentedby: Bernard L’Abbé 2013 General Assembly
Summary of presentation • Why has l’Arche Canada chosen to develop an ARMP? • Whatis a risk? • Examples of major risks • Whatisrisk management? • Whatis a risk management process? • Importance of corporateethical values • Riskmapping • Whoisresponsible for managingrisks • How does the Boardoverseerisk management • L’Arche Canada’s ARMP categories of risks
Summary of presentation (continued) • L’Arche Canada RiskRegister • Whatshouldbeincluded in a good ARMP? • Document sources • Thankyou • Question period
Why has l’Arche Canada chosen to developan ARMP? • The issue of risk management wasidentifiedduringl’Arche Canada’s last Governance Structure Reviewprocess • L’Arche Canada waslacking a comprehensiverisk management plan and appropriateprocesses • It wasstronglyrecommended by ourAuditors • The implementation of an Audit and Risk Management Plan is a best practice • It is a structuredprocess the enables the Board to betterfulfillit’sfiduciaryresponsabilities • It enablesbetteraccountability to ourfunders
Whatis a risk? • Risktakesmanyforms but, essentially, isanythingthat affects an organisation’sability to meettheir objectives and preserveit’sreputation. (CICA, 2009) • Riskmayappear in a number of categorieswhichinclude: • Compliancerisk • Externalrisk • Financial risk • Governancerisk • Information Technologyrisk • Operationalrisk • Reputationrisk • Strategicrisk
Examples of major risks • Loss of a major source of funding • Unsuccessfulfundraisingprojects • Fraud • Failure of a project or strategic initiative • Inadequateresponse to emmergencies • Excessive increases in the cost of human or otherresources • Actual or allegedsexualmisconduct or abuse by an employee or volunteer • Loss or theft of information • Inability to performcriticalfunctionsthatdepend on technology • Etc.
Whatisrisk management • Risk management includes the culture, processes, and structures that are directedtowards effective management of potentialopportunities and adverse effects. • Risk management involvesasking: • Whatcouldhappenthatwould affect ourability to meetour objectives? • How likelyisit to occur? • How seriousmightitbe? • Whatshouldwe do to reduce the risk? • How canwebeprepared to respond to risk?
Whatis a risk management process? • Risk management processincludes the systematic application of management policies, procedures and practices to the task of establishing the context, identifying, analysing, assessing, managing, monitoring and communicatingrisk. • Commonly-used approches mayinclude a combination of: • Internalprocesses – interviews, questionnaires, brainstorming, etc. • Self-assessement and otherfacilitated workshops • Strenghts , weaknesses, opportunities, and threats (SWOT) analysis • External sources: comparisonswithother organisations, bench-marking, discussions withpeers, risk consultants, etc. • Tools, diagnostics, and processes – checklists, flowcharts, scenario analysis • Audits (e.g. a safety, or environmental, or financial audit)
Importance of corporateethical values • The integrity of an organisation depends on the behaviour and actions of the people in it, whoshould all share the sameunderstanding of ethics – the values and standards thatdetermine how boardmembers, staff, volunteers, and otherstakeholdersbehave and treatothers. • Corporate values are set out in a Code of Conduct: • The boardapproves the Code of Conduct • The board supports the Code and leads by example • Directorsshouldsign the Code of Conductannually • The Code iscommunicated to staff, volunteers and stakeholders • The Code includes sanctions againstthosewhodeviatefromit • The Code isenforced • The code contains provisions for whistle-blowing
Whoisresponsible for managingrisks • The entireboardisresponsible for oversight of risk. • The boarddelegates to the National Leaders and staff most of the detailed aspects of identifying, assessing, and managing the risksthat the organisation faces – subject to boardpolicy and approval. • Boardsmay chose to create an ARMC. If thisis the case: • The ARMC meetsregularlywith the externalauditor • The group agrees the external audit plan, reviews the externalauditor’sletter, and monitors implementation of actions required as a result • The ARMC isresponsible of ensuringthat the audit, risk management, and control processeswithin the organisation are effective • The ARMC takes a detailedreview of the draftannual plan, the RiskRegister, and the Annual Report and Accountsprior to theirsubmission to Council
L’Arche Canada’scategories of risks • The ARMC has identifiedeightriskcategoriespertaining to l’Arche Canada. They are: • Governance/OrganisationalRisk • Service Delivery/OperationalRisk • Financial Risk • Legal and ComplianceRisk • Technology and Information Management Risk • HumanResourcesRisk • Member Satisfaction/Public Perception Risk • Communication Risk
Whatshouldbeincluded in a good ARMP? • Corporate and Boardapproval, and ongoing support • Code of Conduct • Senior management, staff, and volunteer engagement • Audit and Risk Management Committee • Effective risk management and control processes • Audit and Risk Management Register • Writtenpolicies and procedures • Plan for responding to crisis • Training and Education
Document Sources • Canadian Institute of CharteredAccountants • Oxfam • Risk Management, Standards Australia/New Zealand • Learning about Risks, Choises, Connections, Competencies, 1998 • Enterprise Risk Management, COSO, 2004 • Ministry of Community and Social Services of Ontario • YMCA of Greater Toronto
Thank You • I wish to thank the followingpersons for theirprecious help: • Guillaume Richard • Ian MacKeigan • HolleeCard • Joe Egan • Boardmembers of l’Arche Canada
Question Period QUESTIONS?