slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Risk Assessment and Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune PowerPoint Presentation
Download Presentation
Risk Assessment and Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune

Loading in 2 Seconds...

play fullscreen
1 / 30

Risk Assessment and Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune - PowerPoint PPT Presentation


  • 684 Views
  • Uploaded on

Risk Assessment and Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune Objectives Complete a basic risk assessment. Set up a system of internal controls to mitigate the risks identified during the assessment.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Risk Assessment and Internal Controls Anna Tomassacci Beth Ferracane Brendan McClune' - adamdaniel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Risk Assessment and

Internal Controls

Anna Tomassacci

Beth FerracaneBrendan McClune

objectives
Objectives
  • Complete a basic risk assessment.
  • Set up a system of internal controls to mitigate the risks identified during the assessment.
  • Apply internal controls to potentially deter negative events (e.g., fraud, inappropriate procurements, improper payments, etc.).

Office of Operations 2009 Fall Conference

agenda
Agenda
  • Internal Controls Overview
  • Group Exercises:
    • Global Risk Assessment for Procurement and Accounts Payable departments
      • Identify objectives and risks
      • Design control activities
    • Risk Assessment – Program Areas
      • Rank risks by impact and likelihood assuming there are no controls
      • Rank risks by impact and likelihood given existing controls
    • Attack and Defend Exercises

Office of Operations 2009 Fall Conference

internal controls history
Internal Controls History
  • NYS Governmental Accountability, Audit & Internal Control Act of 1987
  • Budget Bulletin 350
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Office of Operations 2009 Fall Conference

internal control
Internal Control

The integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its mission.

Office of Operations 2009 Fall Conference

basic components
Basic Components
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information & Communication
  • Monitoring

Office of Operations 2009 Fall Conference

internal controls pyramid
Internal Controls Pyramid

Monitoring

Control

Activities

Risk Assessment

Information & Communication

Information& Communication

ControlEnvironment

Office of Operations 2009 Fall Conference

control environment
Control Environment

Influences all of the decisions and activities of an organization, and on the control consciousness of its people

The Tone at theTop

The foundation for all the other components

Office of Operations 2009 Fall Conference

risk assessment
Risk Assessment

The possibility that an event will occur and adverselyaffect the achievement of objectives.

To evaluate; to examine carefully; to determine or set the value of something.

Office of Operations 2009 Fall Conference

control activities
Control Activities

The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals.

Office of Operations 2009 Fall Conference

information communication
Information & Communication

The exchange of information between and among people and organizations.

Office of Operations 2009 Fall Conference

monitoring
Monitoring

The ongoing review of the organization's daily activities and transactions to determine whether controls are effective in ensuring that operations work as intended.

Office of Operations 2009 Fall Conference

risk assessment13
The possibility that an event will occur and adverselyaffect the achievement of objectives.

To evaluate; to examine carefully; to determine or set the value of something.

Risk Assessment

Office of Operations 2009 Fall Conference

process
Process
  • What are the objectives?
  • What could go wrong (the Risk)?
  • What’s the likelihood of it occurring?
  • What’s the impact if it happens?
  • Prioritize and respond accordingly.

Office of Operations 2009 Fall Conference

risk assessment15
Risk Assessment

Assess each risk in terms of:

  • The likelihood of the negative event.
  • The significance or impact of the event.

Office of Operations 2009 Fall Conference

risk assessment16
Likelihood

The probability that an unfavorable event would occur if there were:

No internal controls.

Existing internal controls.

Impact

A measure of the magnitude of the effect on an organization if the unfavorable event were to occur

Risk Assessment

Office of Operations 2009 Fall Conference

ask the questions
Ask the questions …
  • What obstacles could stand in the way of achieving your objective?
  • What can go wrong?
  • What is the worst thing that could happen?
  • What is the worst thing that has happened?

Office of Operations 2009 Fall Conference

ask the questions18
Ask the questions …
  • Are there new processes? Changed ones?
  • New goals or legislation?
  • Staffing changes?
  • What keeps you awake at night?

Office of Operations 2009 Fall Conference

evaluating risk
Evaluating Risk

HIGH

Area IV

Most Concern

Area II

Minimal Concern

LIKELIHOOD

Judgment Required

Area I

Least Concern

Area III

Moderate Concern

LOW

LOW

IMPACT

HIGH

Office of Operations 2009 Fall Conference

helpful hints
Helpful Hints
  • Change is the one constant.
  • A risk assessment is never “done.”
  • Communication and education can make all the difference.
  • The greatest risk is turning a blind eye to the possibility of risk.
  • Knowledge is power!

Office of Operations 2009 Fall Conference

managing risk
Managing Risk

Three options:

  • Avoid the risk
  • Accept it
  • Prevent it

Office of Operations 2009 Fall Conference

managing risk22
Managing Risk

Avoid the risk:

Whatever the risky activity is…

Don’t do it!

No additional controls are required

Office of Operations 2009 Fall Conference

managing risk23
Managing Risk

Accept the risk:

Continue the way you’re going

Maintain the Status Quo

No changes, no new controls

Office of Operations 2009 Fall Conference

managing risk24
Managing Risk

Prevent or reduce the risk:

Actively work to control the risk

Change how you operate!

Establish whatever controls are necessary to manage the risk

Office of Operations 2009 Fall Conference

control activities25
Control Activities

The tools – both manual and automated – that help prevent or reduce the risks that can stop an organization from meeting its objectives and goals.

Office of Operations 2009 Fall Conference

control activities26
Control Activities

Controls can be…

  • Directive:guide an organization toward desired outcome.
  • Preventive:deter the occurrence of an undesirable event.
  • Detective:identify undesirable events and alert management.

Office of Operations 2009 Fall Conference

commonly used control activities
Commonly Used Control Activities
  • Documentation
  • Approval and Authorization
  • Verification
  • Supervision
  • Separation of Duties
  • Safeguarding Assets

Office of Operations 2009 Fall Conference

risk controls
Risk & Controls

HIGH

Area IV

Most Concern

Area II

Minimal Concern

LIKELIHOOD

Judgment Required

Area I

Least Concern

Area III

Moderate Concern

LOW

LOW

IMPACT

HIGH

Office of Operations 2009 Fall Conference

control activities29
Control Activities

Cost v. Benefit

The cost of the controls shouldn’t be greater than the cost of the potential loss.

Office of Operations 2009 Fall Conference

questions
Questions

Office of Operations 2009 Fall Conference