The Risk Assessment Process - PowerPoint PPT Presentation

Slides: 21
Provided by: utsy

Transcript and Presenter's Notes

Title: The Risk Assessment Process


1
Compliance Essentials Training Session
The Risk Assessment Process
Presented by David Crawford
August 3, 2006
2
The Risk Assessment Process
Role of the Compliance Officer in the Risk
Assessment Process
  • Assessing the Compliance Risks
  • Help identify and prioritize the A compliance
    risks
  • Recommend A compliance risks list to ECC
  • Facilitate operating unit risk assessments (and
    train as necessary)
  • Managing the A Risks
  • Monitoring the Risk Environment
  • Establishing a committee structure
  • Compliance Working Group
  • High-risk Sub-committees

3
The Risk Assessment Process
Identifying the A Risks
  • What is a Compliance Risk?
  • A compliance risk is the risk of loss resulting
    from failure to follow an internal policy or
    procedure or an external law, rule or regulation
  • Not to be confused with an operational risk,
    which is defined as a risk resulting from the
    ineffective and inefficient use of resources.

4
The Risk Assessment Process
Identifying the A Risks
  • Compliance Risk
  • Donor gift not in compliance with UT System Gift
    Acceptance Procedures
  • Use of select agents without adequate approval,
    monitoring or controls
  • Operational Risk
  • Not enough donor funds to effectively solve
    problem
  • Purchasing too much or too little of the material

5
The Risk Assessment Process
Identifying the A Risks
  • Facilitate Compliance Risk Assessment
  • Bottom-up (Best Practice)
  • Every Work Unit
  • Consolidate at Risk Area
  • Consolidate at Institution
  • The Risk Dictionary
  • Risk Area
  • Every risk area
  • Consolidate at Institution
  • Institution
  • Executive level only

6
The Risk Assessment Process
Question
  • What type of effective strategies can I use to
    encourage management and staff to fully
    participate in the risk assessment process
    despite their fear of creating more work for
    themselves by having to monitor, measure and
    document activities?

7
The Risk Assessment Process
Identifying the A Risks
  • Institutional critical A risks
  • Risks that, if realized, would have a significant
    impact on the ability to achieve the goals and
    objectives of your institution
  • Are overseen by the Executive Compliance
    Committee
  • Risk area critical B risks
  • Risks that, if realized, would NOT have a
    significant impact on the ability to achieve the
    goals and objectives of your institution, but still
    have the potential to negatively impact your
    institution if not properly managed
  • Are overseen by the Risk Area responsible party
  • Never exclude a risk just because it has not
    occurred at your institution or because you think
    it will not occur

8
The Risk Assessment Process
Identifying the A Risks
  • How do we determine which risks to put on the A
    list?
  • Each risk area expert presents their risk matrix
    to the ECC for consideration
  • The Compliance Officer leads the discussion
  • The ECC decides what the A list risks will be

9
The Risk Assessment Process
Identifying the A Risks
  • The Compliance Office concentrates on providing
    oversight for institutional A list risks only
  • The Risk Area infrastructure focuses on providing
    oversight for both the institutional A list
    risks and Risk Area B list risks
  • The Work Unit infrastructure concentrates on
    managing the A, B and other risks

10
The Risk Assessment Process
Assurance at Different Risk Levels
11
The Risk Assessment Process
Managing the A Risks
  • The oversight controls the Compliance Office
    provides for institutional compliance A risks
    depend on how well the risk is managed
  • Well-controlled, established monitoring plan ->
    Monitoring activities
  • Minimally-controlled and/or poorly defined
    monitoring plan -> Assist responsible party in
    designing and implementing a monitoring plan
  • Poor control and/or no monitoring plan ->
    Facilitate risk assessment and monitoring plan
    development (and report to the ECC and SW office!)

12
The Risk Assessment Process
Making Changes to Your A List
  • Submitted question
  • How do we move a risk off of the A list?

13
The Risk Assessment Process
Making Changes to Your A List
  • Answer
  • You don't move a risk off the A list simply
    because it is controlled
  • Adjustments to your institution's A list risks
    can be made at any time with the approval of the
    ECC
  • At least annually, these interim adjustments
    should be formalized and incorporated into an
    updated risk assessment that produces the next
    year's A list risks

14
The Risk Assessment Process
The Ever-changing Risk Environment
  • Why do you constantly monitor your institution's
    compliance risk environment?
  • Risks are constantly changing
  • You must monitor your institution's risk
    environment for change and react to that change
    appropriately

15
The Risk Assessment Process
The Ever-changing Risk Environment
  • How do you constantly monitor your institution's
    compliance risk environment?
  • Compliance Office monitors the institutional
    critical compliance A risk environment in
    conjunction with the high-risk area
  • High-risk Responsible Parties monitor their
    respective high-risk area's compliance risk
    environment
  • Have a standing item on the ECC agenda to discuss
    compliance risk environment

16
The Risk Assessment Process
Establish Compliance Working Group
  • Make-up of Compliance Working Group
  • Risk area managers
  • Advise and assist in the performance of specific
    tasks
  • Developing risk-based plan
  • Ensuring awareness
  • Evaluating reports from A risk Responsible
    Parties
  • Quarterly meetings

17
The Risk Assessment Process
Establish High-risk Sub-committees
  • Make-up of High-risk Subcommittees
  • Each high-risk group forms a committee made up of
    managers from each area within the high-risk
    group
  • Advise and assist in the performance of specific
    tasks
  • Developing risk-based plan
  • Ensuring awareness
  • Evaluating reports from work unit
  • Quarterly meetings

18
The Risk Assessment Process
Questions?
19
The Risk Assessment Process
Backup
20
The Risk Assessment Process
Risk Assessment Matrix
[Matrix template. Headings: Objective/Activity; Risk Exposure; Rank Before Controls; Potential Impact; Prob. of Occur.; Mitigation Strategy; Best Practices; Operating Controls; Monitoring Controls; Oversight Controls; Assurance Controls; Rank After Controls. Values shown: H/M/L; HH, HM, HL, MH, MM; Avoid, Accept, Transfer, Control.]