LACCD Risk Assessment training


LACCD RISK ASSESSMENT
Presented by Arnold Jenner Blanshard, CPA/MBA
Director, Internal Audit Department

AGENDA
1. Welcome
2. Risk Management
   A. Risk Terminology
   B. Risk Management Purpose
3. Risk Framework
   A. Risk Category Definitions
   B. Risk Framework
   C. Risk Assessment Tool
4. Risk Identification Process
   A. Identifying and Assessing Risk
   B. Identifying and Assessing Controls
5. Examples
6. Questions

Course Objective
This course will prepare you to:
• Identify and assess risk in your auditee's environment
• Evaluate controls that are currently in place (if

Course Objectives Cont.
By the end of this course, you will be able to:
• Describe the purpose of risk management.
• Explain the five risk categories.
• Describe the risk identification process.
• Identify and assess risks and controls in your auditee's department.
• Make recommendations that would set strong controls to mitigate the risks identified.

Risk Management is Everyone’s Responsibility
• BOD, Exec Mgmt: Tone at the top
• Directors & Senior Managers, Middle Managers, Employees: First line of defense from undue risk
• Board Committees, Executive, Internal Audit, Legal, Compliance, Security: Provide ongoing support and independent review of risk management practices.

WHAT IS INTERNAL CONTROL?
In basic terms, internal controls are the daily operating guidelines used by a company.

These controls are processes, effected by people at every level (i.e., board of directors, management, and other personnel), designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
(1) Operations run effectively and efficiently to achieve performance targets and increase competitive advantage.
(2) Financial reporting is accurate and timely with sufficient information to support decision
(3) Policies and procedures comply with all applicable laws and regulations.

WHAT IS INTERNAL AUDITING?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate, monitor and improve the effectiveness of risk management, control, and governance processes.

WHAT IS THE FUNCTION OF THE INTERNAL AUDITOR?
The internal auditor’s work encompasses the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of the organization's performance.

WHO DOES THE INTERNAL AUDIT DEPARTMENT REPORT TO?
The Internal Audit Department reports directly to the CFO/Treasurer, with a dotted line to the Budget & Finance Committee.

WHO IS THE AUDIT COMMITTEE?
The Audit Committee is made up of members of the Board of Trustees. The Committee is responsible for monitoring management and staff compliance with the Board of Directors' policies and applicable laws and regulations. This is ascertained through the functions of the Internal Audit Department.

Risk Terminology
RISK: the chance of something adverse and unexpected happening that will affect corporate business (policies & procedures) objectives and/or financial performance.

Examples of Risk:
1. Car: low oil, no water, won't start, and flat tire.
2. Shopping: not finding what you want; spending a lot of money for something that’s not worth that amount.
3. Relationship: you or your partner would cheat; someone will take your partner away from you.
4. Work: the risk that I will not meet that deadline; the risk that I could be late for work.

Risk Terminology cont.
CONTROL: the action plan (tasks or processes) formulated and implemented to reduce the probability of critical risks occurring and potential damage to the business.

Examples of Control:
1. Car: check oil & water weekly; regular service check-up; monthly service check-up of tires.
2. Using the internet to locate items you want to buy; shop more than three stores before making a purchase.
3. Set rules that will diminish any remote idea of cheating; evaluate the type of person before becoming partners.
4. Set your deadline a week ahead of the actual deadline; give yourself a start time that is 15 minutes earlier.

Risk Process
[Diagram: Risk Management, with the steps Identify, Assess, and Control/Monitor]

FIVE Risk Categories:
• Credit
• Operational
• Strategic
• Reputation
• Market

Risk Categories: Credit
Credit Risk includes:
1. Default (or failure to perform) by an economic or legal entity with which the company does business.
2. Loss or opportunity cost as a result of the failure of a counterparty or customer to honor its obligations in a timely manner.

Risk Categories: Operational
Operational: Arises from the potential that the company has:
• inadequate information systems
• operational problems
• breaches in internal controls
• fraud
• An unforeseen catastrophe could result in unexpected financial loss

Risk Categories: Operational cont.
Sub-Category: Description

Human Resource Management Risk: The risk that the company is unable to attract, retain and properly train qualified individuals to carry out its strategic plan.

Vendor Management Risk: The risk that vendors do not provide the service for which they are being paid and hence jeopardize our client relationship for lack of service.

Custody of Asset Risk: The risk that assets which LACCD holds (or holds at depositories) for the company, in collateral or for its customers, are not properly safeguarded.

Accounting and Financial Public Disclosure Risk: The risk that accounting and/or financial information is inaccurate, untimely or unsupported by records, exposing the company to potential undisclosed positions or losses.

Technology Risk: The risk that automated systems do not adequately support the operational and business needs of LACCD (districtwide).

Physical Security, Natural Hazard and Environmental Risk: The risk that insurance coverages are inadequate to mitigate potential losses in the operational and business activities of LACCD (districtwide). This risk includes the possibility that unforeseen catastrophes (controllable or uncontrollable) will result in unexpected losses to the company.

Fraud and Embezzlement Risk (Internal and External): The risk that monies and other instruments/information of value are taken by theft.

Political/Government Affairs Risk: The risk that changes in legislation or the political environment may disrupt or otherwise negatively affect normal business operation.

Modeling Risk: The risk that financial models (such as end-user Excel spreadsheets) designed and used by employees are not accurate as to spreadsheet analytics, mathematics and assumptions. These inaccuracies yield faulty results, and hence critical strategic decisions are made based upon these flawed conclusions.

Risk Categories: Operational cont.
Sub-Category: Description

Loss Payment Exposure/Claims: Current and prospective risk to earnings and/or capital:
• claims are improperly adjudicated;
• claim and Incurred But Not Reported (IBNR) reserves are not adequate;
• reinsurance is not available.

Compliance/Regulatory/Legal Risk: The risk that arises from violation of or non-conformance with:
• laws, rules, and regulations
• prescribed practices
• ethical standards
• the company’s policies may be ambiguous.

Resulting:
• unenforceable contracts
• lawsuits
• adverse judgments can disrupt operation or otherwise negatively affect operations.
• exposes the foundation to fines, civil monetary penalties, payment of damages, voiding of contracts, etc.

Risk Categories: Market
MARKET: The risk that adverse movements in market rates or prices, such as interest rates and competitors' prices, could negatively affect the market value of LACCD (districtwide) assets and/or liabilities.

Sub-Category: Description

Interest Rate Risk: Margin and other profitability exposure due to interest rate fluctuations.

Price Risk: The company's price sensitivity to market and competitive factors.

Liquidity Risk:
Funding liquidity: Risk that the company is unable to meet contractual obligations as they become due because of an inability to liquidate assets
Market liquidity risk: obtain adequate funding without incurring unacceptable losses.

Loss of liquidity can be due to:
(A) funding sources and costs,
(B) diversity of those sources, and cash flow.

Risk Categories: Reputation
REPUTATION: The potential that negative publicity or public opinion regarding an institution’s business practices, whether true or not, will trigger a decline in the customer base, costly litigation or revenue reductions.

The risk that poorly designed business strategy and/or inadequate controls surrounding credit, operational and market risks will result in significantly undermining the company’s reputation.

Reputation risk covers such stakeholders as:
• Members and potential members
• Regulatory community (federal and state agencies)
• Vendors
• Providers
• Other entities

Risk Categories (Summary)

Operational: Arises from the potential that inadequate information systems, operational problems, breaches in internal control, fraud or an unforeseen catastrophe could result in unexpected financial loss and/or regulatory noncompliance to the company.

Credit: Is the exposure to actual loss or opportunity losses due to a borrower's or counterparty's failure to perform on its obligations in accordance with agreed terms.

Strategic: Is the current or prospective risk to earnings and capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment.

Reputation: Is the potential that negative publicity or public opinion regarding an institution's business practices, whether true or not, will trigger a decline in the customer base, costly litigation or revenue reductions.

Market: Is the risk that adverse movements in market from competitors could negatively affect the market value of UHP Healthcare assets and/or liabilities.

RISK FRAMEWORK
[Diagram]
External influences: Members, Media, Regulators, Competition, Markets, Economic Environment
Risk categories shown: Strategic Risk; Credit Risk, Operation Risk, Market Risk; Reputation Risk

EXAMPLE RISK ASSESSMENT TOOL
[Risk matrix figure]
Vertical axis, Risk Consequences: High, Considerable, Moderate, Marginal, Low
Horizontal axis, Risk Probability: Improbable, Doubtful, Moderate, Possible, Probable
Response labels in the matrix: Avoid; Accept; Transfer; Mitigate; Accept, No Mitigation Required

IDENTIFYING AND ASSESSING RISKS
• Use your Policies and Procedures to identify each process and then identify the risk associated with that process.
• Use the sample questions (sample Risk Question.xls) and risk category definitions to help you brainstorm all risks in your department's processes, activities and products.

IDENTIFYING AND ASSESSING CONTROLS
• Identify all controls for each risk you identify in your business processes, activities and products.
• Use the tips for evaluating controls to assess the quality of total control currently in place (Tips For Evaluating control summaries.doc).
• Determine who is responsible for each control (management-level position).

EXAMPLES
sample Risk .xls

QUESTIONS?