Auditing Risk Management - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Auditing Risk Management
  • Ray Butler, CISA, FIRM (the client)
  • Robin Frith, FIIA, AIRM (the auditor)
  • Highways Agency
  • HIA Conference 2007

2
  • ..visible risk management is a good idea.. in
    the same way as keeping a set of accounts
  • Andy Garlick, Estimating Risk: A Management Approach, Gower 2006

3
About the Agency
  • Founded in 1994
  • > 3,500 staff
  • Operator of England's strategic road network
  • Building / maintenance of Network
  • Asset base > £75Bn
  • £6.47 Bn Voted Budget

4
About the Network
  • ? of all road traffic in England
  • ? of all heavy freight traffic
  • 61 billion journeys pa,
  • 2.5 Million person-years pa total spent
    travelling,
  • Average resident makes over 1,000 trips
    travelling over 7,000 miles p.a.
  • The Strategic Road network is one of the most
    congested in the world
  • 5% reduction in delay for business and freight:
    £2.5bn benefit, 0.2% of GDP.
  • Congestion costs UK £8bn of GDP.
  • If left unchecked, rising to £22bn by 2025

5
Delivery..
  • Managing the network
  • Improving the Network
  • Providing information to travellers
  • Traveller & workforce safety
  • Asset condition
  • Environment

6
Risks we face.
  • Weather
  • Structures
  • Congestion
  • Information

7
Risk Management in Highways Agency
  • Strategic & Operational (Business) Risk
  • Started in 2002/3
  • Supplements Safety & Project / Programme risk
  • Reported as part of performance management

8
Risk Registers & Reporting

9
Risk Management in Highways Agency
  • Board have Corporate risk log in same format
  • Clear Escalation route to Board

10
The Audit (and Business) Risk
  • Risk management framework is ineffective, leading
    to ineffective and inefficient delivery of the
    Agency's business
  • Audit Committee & Parent department require
    annual audit of this risk

11
The Audit (and Business) Question
  • How effective is our management of risk?
  • How good is the system / framework?
  • How does it stand up against best practice?
  • How well is it being used?
  • What do we need to improve?
  • Where in the business are the hot spots for
    improvement?

12
The Audit (and Business) Problem
  • How can we tell?
  • What is the basis of comparison?
  • How well would we deliver without risk management?

13
The Audit (and Business) Solution
  • HM Treasury Risk Management Assessment Framework
  • Our industry benchmark
  • Covers all aspects
  • Why go further afield?

14
RMAF Elements..
How well are we using it?
How good is the system?

15
Processes
  • Do HA processes incorporate RM?
  • Embedded
  • Context (stakeholders)
  • Identification & evaluation
  • Criteria for evaluation
  • Risk control mechanisms
  • Review and assurance mechanisms
  • Communications

16
Risk Handling Outcomes
  • Are risks handled well? Does RM contribute to
    achieving outcomes?
  • Improved anticipation
  • Improved decision making
  • Improved review and assurance
  • Improved planning and target setting
  • Improved risk allocation
  • Improved delivery
  • Improved financial management

17
Maturity Levels
  • Capabilities
  • 1 Awareness and understanding
  • 2 Implementation planned & in progress
  • 3 Implemented in all key areas
  • 4 Embedded and improving
  • 5 Excellent capability established
  • Results
  • 1 No evidence
  • 2 Satisfactory
  • 3 Good
  • 4 Very good
  • 5 Excellent

18
How We did it
  • Partnership between Auditor and Audited
  • Turned RMAF into self-assessment questionnaire
  • Audited centre (Ray) first
  • Then People in Directorates completed
  • Audit checked / challenged

19
But isn't the RMAF a bit narrow?
  • Internal benchmarking
  • External benchmarking
  • Praise given
  • Challenging areas for improvement
  • Risk disconnect
  • Core competency
  • Cultural change

20
Results - Maturity Levels 2007

21
Results - Maturity Levels over Time

22
Conclusions
  • Using RMAF
  • Answers all the questions
  • How good is the system / framework?
  • How does it stand up against best practice?
  • How well is it being used?
  • What do we need to improve?
  • Where in the business are the hot spots for
    improvement?
  • Allows us to track & demonstrate improvement

23
The approach in summary..
  • Use the Treasury Framework
  • Audit the centre / system first..
  • Use those results to inform audits of Divisions /
    Functions / Branches
  • Supplement with comparisons with other businesses
  • Identify and track Maturity of Risk management
    in..
  • Specific Aspects
  • Areas within organisation
  • Whole Organisation

24
Resources
  • Risk Management Assessment Framework
  • (Web) http://www.hm-treasury.gsi.gov.uk/gfm/rst/Resources.htm
  • (PDF) http://www.hm-treasury.gov.uk./media/6/6/17A8166B-BCDC-D4B3-16668DC702198931.pdf
  • Our questionnaire - on request to
    raymond.butler_at_highways.gsi.gov.uk
  • Highways Agency Information www.Highways.gov.uk
  • Annual Report, business plan, etc
    http://www.highways.gov.uk/aboutus/136.aspx
  • Real-Time Traffic Information
  • Link from our website
  • Traffic Radio on DAB or on-line