1 / 17

The University of Texas System Institutional Compliance Program

The University of Texas System Institutional Compliance Program. Risk Assessment . Agenda. Roll Call & Opening Remarks - Charles Chaffin Session Objectives – David Crawford Risk Assessment Process – David Crawford Three Approaches to Risk Assessment UT Arlington – Jennifer Chapman

giles
Download Presentation

The University of Texas System Institutional Compliance Program

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The University of Texas System Institutional Compliance Program Risk Assessment

  2. Agenda • Roll Call & Opening Remarks - Charles Chaffin • Session Objectives – David Crawford • Risk Assessment Process – David Crawford • Three Approaches to Risk Assessment • UT Arlington – Jennifer Chapman • UT Dallas – Jody Nelson • UT Southwestern Medical Center at Dallas – Al Thibodeau • Questions and Answers • Summary

  3. Session Objectives • Definition of Compliance Risk • Develop a risk inventory • Validate the risk inventory with high-risk group products • Select the institutional “A” risks • Continuing Risk Assessment • What about non-”A” risks • What do others do and what have they learned

  4. Definition of Compliance Risks • A compliance risk is the likelihood that an employee (faculty, administration, or staff) will fail to follow an internal policy or procedure or an external law, rule or regulation that applies to the activity in which they are engaged.

  5. Risk Assessment Process • Three Ways to Develop Your Risk Inventory • Determining Your Institutional “A” Risks • Using High-Risk Work Group Products to Validate Your Risk Inventory • What About All the Other Compliance Risks • Keep Up with the Changing Risk Environment

  6. Three Ways to Develop Your Risk Inventory • Bottom-up • Every Work Unit • Consolidate at Risk Area • Consolidate at Institution • Risk Area • Every risk area • Consolidate at Institution • Institution • Executive Level only

  7. Risk Assessment Matrix (Name of Process or Function) BEST PRACTICES Objective/Activity Risk & Exposure Rank BeforeControls Rank After Controls Potential Impact Prob.OfOccur. Mitigation Strategy Operating Controls Monitoring Controls Oversight Controls I/A Controls HML HML HH HM HL MH MM HML Avoid Accept Transfer Control

  8. Determine Your Institution’s “A” Risks • Determine Potential Impact and Probability of each Risk • Value of each risk is the combination of these two with impact value always first • Items with HH and HM values (high impact/high probability and high impact/medium probability) should be on “A” list • Items with HL and MH may be on “A” list

  9. Possible Risk Management Actions

  10. Institutional Risk Matrix by Risk Area

  11. Using High Risk Work Group Products to Validate • Compare your institutional “A” risks to the High-Risk Area Work Group “A” risks • Be able to explain rationale for any item on your “A” list that is not on Work Group “A” risks list • Be able to explain rationale for any item on Work Group “A” risk list not on your “A” list

  12. What About All the Other Compliance Risks • “A” risks at every level must be managed • “A” risks at every level require • Responsible party • Monitoring plan • Specialized training plan • Reporting plan • Difference between “A” risks at the different levels is who performs the oversight, on whom, and for whom

  13. Institutional Level “A” Risks Covered Who Provides Oversight Controls On Whom Oversight is Provided For Whom Oversight Is Provided Institution “A” Risks Compliance Officer and Function Responsible Party Chief Executive Officer Risk Area Risk Area “A” risks not included above Risk Area Responsible Party Work Unit Management Compliance Officer Work Unit Work Unit risks not included in either above Work Unit Management Work Unit Employees Risk Area Responsible Party Institution Oversight Controls for “A” Risks at All Levels

  14. Keep Up with Changing Risk Environment • Centralized office to monitor external environment • High Risk responsible parties monitor their respective high risk area internal and external environment • Compliance Committee (and/or work group) discusses environment and potential changes as a part of every meeting • Annual assessment of both internal and external environment

  15. Component Risk Assessment Presentations • UT Arlington – Jennifer Chapman • UT Dallas – Jody Nelson • UT Southwestern Medical Center at Dallas – Al Thibodeau

  16. Questions and Answers

  17. Summary • Risk environment for your institution is unique • Risk environment continuously changes • Risk ranking changes with the environment • Risk assessment is on-going, not periodic • Be Prepared for change by Managing the “A” risks at every level of the institution

More Related