1 / 25

Risk Reporting – A How To Guide

Risk Reporting – A How To Guide. Developed for: ORIMS Professional Development Session October 22, 2013 Presented by: Steve Pottle, York University Michelle Williamson-Reid, TSSA. http://www.youtube.com/watch?v=laKprX-HP94. Discussion Points.

inoke
Download Presentation

Risk Reporting – A How To Guide

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Reporting – A How To Guide Developed for: ORIMS Professional Development Session October 22, 2013 Presented by: Steve Pottle, York University Michelle Williamson-Reid, TSSA

  2. http://www.youtube.com/watch?v=laKprX-HP94

  3. Discussion Points • To be heard or not to be heard – that is the question... • How to communicate risk intelligently and effectively • Risk Report Content – York and TSSA perspective • Your turn (tell us your good ideas)

  4. Is Risk on the Radar? • Risk Management has many homes in any organization • Champion - who has the ear of the Board?

  5. Getting on the Agenda • Befriend the person(s) that creates the: • Board work plan • Committee work plans • Audit Committee • Governance Committee • Etc. • Management meeting agendas

  6. When in Doubt • Read the Board Charter • Read company policies • Read your job description

  7. Make it Relevant • What do they want to know • What should they know: • CICA’s “20 Questions” • risks to mission, vision and strategy • risks to business plan • reputational risks

  8. Be Brief • Be clear • Be concise • Relate the risk information to their role: • Board charter • position description / job profile • Relate it to the big picture • Engage them (push versus pull)

  9. Be Careful • While there is job security in always being on the agenda... • Make management accountable • Encourage management to report on risk • Facilitates greater buy-in • Influences a risk aware culture

  10. The York U Experience.....

  11. York Board Reports • Annual Risk Report • Audience: Audit and Finance Committee of Board of Governors • Focus: Risk Management tied to University’s Academic Plan (Key driver for senior admin decision making) • Supplement: Board memo on insurance coverage

  12. York Board Reports • Table of Contents • Introduction • Risk Management • Awareness and Educational Initiatives • Insurance Program Update • Premiums • Claims

  13. York Board Reports • Legislative Compliance Annual Report • New report for Risk Management as of 2013 • Update on Universe of Legislation applicable to York (Board Directive) • What are we going to report on? • Developed three-year reporting cycle approved by CFO and VP Admin. (Board Stakeholders)

  14. York Board Reports Legislative Compliance Annual Report (three-year reporting cycle)

  15. York Board Reports • Legislative Compliance Annual Report (three-year reporting cycle) • Year one: Review Top 15 Acts (based on risk impact); refresh Universe of Legislation (Federal, Provincial, Municipal) • Year two: Identify new Acts for possible inclusion in Top 15 • Year three: Review Universe of Legislation

  16. The TSSA Experience.....

  17. Audit, Finance and Risk Committee • Quarterly reporting on: • priority enterprise risks and their impact on strategic and business plan initiatives • status of risk mitigation activities and impact on level of risk • assurance (audit) activities • status of audit action plans • large losses (insured and uninsured)

  18. Audit, Finance and Risk Committee • Annual reporting on: • insurance program (renewal) • changes to ERM framework, Guideline, Risk Register • Business Continuity Plan (changes, results of tests, etc) • three-year audit plan

  19. Governance, Safety and Human Resources Committee • Quarterly reporting on priority enterprise risks and their impact on strategic and business plan initiatives • Quarterly reporting on status of risk mitigation activities and impact on level of risk • Reporting on results of assurance/audit activities, as appropriate

  20. Board of Directors • Annual reporting on results of enterprise risk assessment • Annual reporting on risk mitigation activities (in conjunction with strategic and business plan) • Reporting on results of assurance/audit activities as appropriate

  21. Tricks of the Trade • Risk legend for all agendas • Relate individual agenda items to risks • Add dedicated section / heading for risk to all reports, briefing material, etc.

  22. Agenda Legend (For Illustrative Purposes Only)

  23. Agenda Reference (For Illustrative Purpose Only)

  24. Dedicated section for risk in meeting material (For Illustrative Purposes Only) Purpose – For Discussion This report provides information to the Audit, Finance and Risk Committee (AFRC) on the implementation status of the fiscal year 2012/2013 internal audit plan, and internal audit action plans arising from previously completed audits, consistent with the AFRC work plan. Desired Outcome This report is intended to engage AFRC in discussions relative to the level of residual risk present as a result of control weaknesses identified during internal audit activities. Impact on Strategic Plan and Priority Enterprise Risks The internal audit action plans are designed to mitigate identified control weaknesses and/or risks and enable the achievement of objectives. Specifically, the action plans arising from the incident data, technical data and Oracle-Operating Engineers inspection process audits mitigate elements of the data and information risk (#6) and business controls and process risk (#7). The action plan arising from the information technology general controls audit also aims to mitigate aspects of the business controls and processes risk. Background XXX

  25. Best Practices You’d Like to Share...

More Related