Risk Assessment

Office of the ControllerJuly 23, 2004

Today’s AgendaToday’s Agenda

• Risk Assessment Framework Risk Assessment Framework

• Where Can Risk Occur?Where Can Risk Occur?

• Department ConcernsDepartment Concerns

• Campus ProcessesCampus Processes

• ScenarioScenario

Framework for Framework for Management of RiskManagement of Risk

UnderstandObjectives

AchieveAcceptable

Level ofExposure

Understand Risks

Manage Risks

What are you trying to

accomplish?

Where the efforts are focused

What gets in your way of

achieving your objectives?

Challenges or obstacles that could impact

your objectives

What are you doing to

manage this?

Current control

activities to manage risk

What is your level of

exposure?

Finding the right balance of controls

Discussion Item #1Discussion Item #1

Objective: Doing a successful Objective: Doing a successful presentation.presentation.

• What are the risks?What are the risks?

Risk Assessment Risk Assessment ComponentsComponents• ObjectivesObjectives

• RisksRisks

• Managing RiskManaging Risk

• Evaluating RiskEvaluating Risk

• Improvement Opportunities Improvement Opportunities

• MonitoringMonitoring

Where Can Risk Occur?Where Can Risk Occur?Measurement

&Information

PeopleRisks

Processes &

SystemsRisks

EnvironmentRisks

Materials,Facilities,

Equipment

FinancialObjectives

People RisksPeople Risks

• Ethics, culture, values, tone at the Ethics, culture, values, tone at the top top

• TrainingTraining

• Safety and securitySafety and security

Environment RisksEnvironment Risks

• LegalLegal

• SuppliersSuppliers

• NaturalNatural

• PoliticalPolitical

• CompetitionCompetition

Measurement and Measurement and Information RisksInformation Risks

• Timeliness / reliability / accuracyTimeliness / reliability / accuracy

• SecuritySecurity

• How we assess resultsHow we assess results

• Availability / relevanceAvailability / relevance

Processes and Systems Processes and Systems RisksRisks

• Policies and proceduresPolicies and procedures

• The way we conduct businessThe way we conduct business

• Security accessSecurity access

• System designSystem design

Materials, Facilities, and Materials, Facilities, and Equipment RisksEquipment Risks

• Quality, cost, delivery, and Quality, cost, delivery, and developmentdevelopment

• AvailabilityAvailability

• Technology / ObsolescenceTechnology / Obsolescence

• Energy ConsumptionEnergy Consumption

Department ConcernsDepartment Concerns

• Where is risk likely to occur?Where is risk likely to occur?

• What concerns do I have? Why?What concerns do I have? Why?

• How are those concerns How are those concerns managed?managed?

Discussion Item #2Discussion Item #2

Objective: Proper handling of cash.Objective: Proper handling of cash.

• Risks:Risks:Inadequate trainingInadequate trainingLack of adequate safeguardsLack of adequate safeguardsLack of individual accountabilityLack of individual accountabilityLack of separation of dutiesLack of separation of duties

• What are the consequences?What are the consequences?

• What are the controls in place?What are the controls in place?

VotingVoting

• Is the current process acceptable, Is the current process acceptable, acceptable with exposure, or acceptable with exposure, or unacceptable?unacceptable?

Next StepsNext Steps

• For those processes determined to For those processes determined to be Unacceptable, determine be Unacceptable, determine Improvement OpportunitiesImprovement Opportunities

• Establish a timelineEstablish a timeline

• MonitoringMonitoring

Campus Processes:Campus Processes:Are There Risks?Are There Risks?

• Form 5sForm 5s

• PayrollPayroll

• TravelTravel

• PurchasingPurchasing

• CashCash

ScenariosScenariosPerform a risk assessment using Perform a risk assessment using one of the following objectives:one of the following objectives:

• Ensure employees are paid Ensure employees are paid timely and accurately.timely and accurately.

• Ensure Form 5s are processed Ensure Form 5s are processed according to policy.according to policy.

• Ensure equipment purchases Ensure equipment purchases are done according to policy.are done according to policy. ..

ScenariosScenariosPerform a risk assessment using Perform a risk assessment using one of the following objectives:one of the following objectives:

• Ensure purchases using the LVPA Ensure purchases using the LVPA are done according to policy.are done according to policy.

• Ensure data integrity of financial Ensure data integrity of financial information.information.

• Ensure travel vouchers are Ensure travel vouchers are processed according to policy.processed according to policy.

Questions?Questions?

THANK YOU!THANK YOU!