Risk Management and the role of the Audit Committee - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Risk Management and the role of the Audit Committee

Description:

... ownership of internal control and helps to provide assurance to stakeholders ... review internal and external audit reports - review corporate governance ... – PowerPoint PPT presentation

Number of Views:82
Avg rating:3.0/5.0
Slides: 23
Provided by: hefc8
Category:

less

Transcript and Presenter's Notes

Title: Risk Management and the role of the Audit Committee


1
Ian GrossHead of Internal Audit Projects
Risk Management and the role of the Audit
Committee
Higher Education Funding Council for England
2
What is risk?
  • A risk is
  • the threat or possibility that an action or
    event will adversely or beneficially affect an
    organisations ability to achieve its
    objectives.
  • All HEIs have (or should have) objectives

3
What is risk management?
  • Risk management is defined as
  • the systematic application of management
    policies, practices and procedures to the task of
    analysing, assessing, treating, monitoring and
    reporting on risks.

4
Is risk management really new?
  • Yes and no
  • Understanding risks is not new at all - most of
    us have an inherent understanding of risk e.g.
    health and safety risk assessments are well
    established audit and others use it
  • However, risk management in a corporate
    governance sense is new. It promotes ownership of
    the RM process at a high level

5
Why manage risks?
  • It supports the achievement of objectives
  • It allows higher risks to be taken
  • It reduces the chance of serious errors
  • Risks exist at all levels corporate/strategic,
    faculty, departmental, functional, personal,
    project . . . . So we all need to be risk
    managers in a way appropriate to our own
    responsibilities

6
Benefits of risk management
7
Why now?
  • Implementing the latest development in corporate
    governance (Turnbull report)
  • All sectors in the economy are now doing it
  • Ongoing process of promoting good practice
  • Accountability burden - promotes ownership of
    internal control and helps to provide assurance
    to stakeholders

8
Why use in HE?
  • Improve management within HE sector
  • Help maintain/enhance the reputation of HE
  • It is good practice
  • Helps encourage innovation ( risk taking)
  • Contributes to the management of change
  • Its not just about financial risks, but all
    kinds including academic reputation

9
What are the types of risk in HE?
10
What have we done about it?
  • Accounts direction - three year transition
  • Briefing for senior managers/governors
  • Hands-on guide
  • Web-based material
  • case studies
  • model policy
  • illustrative list of risks

11
What do we expect HEIs to do?
  • Obtain senior manager governor commitment and
    agreement to policy
  • Establish approach, plan and commence
    implementation
  • Start to embed process at all levels
  • Manage, monitor and report on main risks
  • Achieve balanced risk portfolio

12
Audit Committees Risk Management - 1
  • Ensure the Committee has an independent
  • appreciation of what constitutes good practice
  • in risk management, e.g. by considering
  • - the Turnbull report HEFCE guidance
  • - the use of independent training for members
  • - advice from other sources e.g. CUC
  • - how risk management works in your own
    organisations.

13
Audit Committees Risk Management - 2
  • Ensure the Committee is well informed about
  • the Universitys approach to risk management,
    e.g. by
  • - ensuring the internal auditors conduct reviews
    of the risk management arrangements (see HEFCE
    advice)
  • - asking the Vice Chancellor, senior managers
    and/or the risk co-ordinator to explain aspects
    of it periodically . . . .

14
Audit Committees Risk Management - 2
  • - considering the comments made by HEFCE at its
    periodic institutional review
  • - ensuring the external auditors plan to satisfy
    themselves on the adequacy of risk management
  • - asking for high-level risk owners to make
    presentations to the Committee about their
    risks . . . .

15
Audit Committees Risk Management - 2
  • - asking for departmental and functional heads to
    make presentations to the Committee
  • - making risk management a standing item on the
    Committees agenda
  • - ensuring the Clerk to the Committee is well
    informed about risk management issues
  • - asking to see the corporate level risk register
    periodically (say, annually)

16
Audit Committees Risk Management - 2
  • - asking to see subsidiary risk registers and/or
    risk assessments periodically (e.g. for a large
    capital project or a re-organisation or a new
    IT/estates/research strategy)
  • - ensuring that management uses risk management
    in a positive way, e.g to help assess
    opportunities arising.

17
Audit Committees Risk Management - 3
  • Test the effectiveness of the risk
  • management arrangements in place where
  • appropriate, e.g. by
  • - enquiring how a risk assessment was actually
    carried out
  • - questioning the effectiveness of the mitigating
    controls
  • - directing the internal auditors work towards
    risks of concern to the Committee . . . .

18
Audit Committees Risk Management - 3
  • - asking to see the results of the Vice
    Chancellors annual review of the effectiveness
    of internal control
  • - asking for periodic monitoring reports on the
    high-level (and other significant) risks
  • - ensuring that early warning indicators are in
    place where appropriate
  • - seeking management assurances on mitigating
    controls, further actions and residual risks . .
    . .

19
Audit Committees Risk Management - 3
  • - ensuring that all corporate objectives are
    adequately mapped against risks
  • - ensuring that there is a process in place to
    identify new or emerging risks
  • - challenging the treatment of residual risks
  • - ensuring that further actions identified in
    the risk management process are actually
    undertaken . . . .

20
Audit Committees Risk Management - 3
  • - enquiring how well risk management is embedded
    throughout the University and identifying areas
    where risk management is weak.

21
Audit Committees Risk Management - 4
  • At the year end (November/December meeting)
  • the Committee should
  • - review the Vice Chancellors statement of
    internal control and the process behind it
  • - review the internal auditors annual report
  • - review the external auditors management letter
  • - report to the University Council on the
    effectiveness of the risk management arrangements

22
Audit Committees Risk Management - 5
  • In summary, the Committee should
  • - familiarise itself with risk management
  • - catalyse risk management
  • - ensure appropriate audit work is undertaken
  • - review information on risks and risk management
  • - review internal and external audit reports
  • - review corporate governance statements
  • - report to the governing body.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Risk Management and the role of the Audit Committee" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!