1 CUAV Conference Risk Assessment May 18, 2015

1 CUAV Conference Risk Assessment May 18, 2015. 2 Risk Assessment Definition: “The identification, evaluation, and estimation of the levels of risks involved.

Dec 24, 2015


Helen Newman

CUAV Conference
Risk Assessment
May 18, 2015


Risk Assessment

Definition:

“The identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk.”


Risk Assessment

Steps in Performing Risk Assessment:
• Identify events that could affect achievement of organizational goals
• Review strategic plan
• Determine risk tolerance
• Assess likelihood and impact of risks
• Bring it all together and report out
• Continuously monitor and adjust throughout the year


Risk Assessment

Key Considerations:
• Internal controls
• Data management and security
• Changes in operating environment
• New personnel
• New technology


Risk Assessment

Key Considerations:
• New business models, products or activities
• Organizational restructuring or expanding operations
• Regulatory requirements
• Fraud


Risk Assessment

Assessing Likelihood and Impact of Risks:

• Select Board Members
• Senior Management
• Key Managers

Interview


Risk Assessment

Challenges / Pitfalls:
• Treating it like a project, instead of continuous process throughout the year
• Not realizing the value of the process
• Poor communication of results
• Poor identification of next steps
• Amount of information gathered is difficult to interpret and use
• Risk assessments are stale, same results every time


Risk Assessment

Benefits / Opportunities for Value:
• Prioritization of risks; ranking of High, Med, Low
• Ability to view and manage risks that span multiple business or functional areas
• Can detect changes that may impact the overall environment and get ahead of them
• Organizational commitment and cooperation
• Collaborative risk discussions


Detailed Risk Assessment Example


Association of College and University Auditors

Risk Areas


Risk Assessment

Alumni Affairs and University Relations External Services Stakeholder Relations

Asset and Risk Management

Auxiliary and Service Departments

Emergency Preparedness Endowment & Development

Environmental Health & Safety

Athletics (NCAA) Auxiliary Enterprises Administration Bookstore Housing

Police

Recreation & Athletic Centers Service Centers‐‐Auxiliary Special Events Center


Risk Assessment

Financial Management

Governance & Leadership Governance Legal Strategic Management

Accounting Accounts Receivable Accounts Payable Capital Assets Cash Handling & Management Closing Process

Expenses Financial Reporting Payroll Revenue


Risk Assessment

Hospital (Medical Center) and Patient Care

Human Resources Benefits Other Human Resources

Information Technology

Charge Capture & Collection Compliance Hospital Building & Facilities Hospital Equipment & Supplies

Hospital Human Resources

Patient Care Patient Information & Privacy

IT Admin Support IT Customer Service IT Data Security

IT Development & Research

IT Operations IT Strategic Planning & Governance


Risk Assessment

Instruction and Academic Support

Plant Operations and Maintenance

Purchasing & Warehousing

Academic Administration Academic Records Management Academic Reporting Academic Support

Course & Curriculum Development

Instruction International Affairs

Building Maintenance Custodial Services Landscape & Grounds Major Repair & Renovation

Motor Pool

Physical Plant Administration Utilities

Inventory Management Procurement

Receiving Vendor Management


Risk Assessment

Research and Development

Student Services

Compliance Conflicts of Interest Facilities & Equipment Grants Accounting Human Subjects & Animal

Research Intellectual Property

Pre-award & Award Acceptance

Research Administration Research Financials Research Quality Research Safety Research Security Trademarks

Admissions Counseling Services Dining Enrollment Management Financial Aid

Health Services

Registration Student Centers & Activities Student Judicial Affairs


Risk Assessment

Questions?

Ben Sady

804.474.1267

[email protected]

Chris Kalafatis

804.474.1270

[email protected]


Appendix: DHG Risk Advisory Service Lines

STRATEGY, GOVERNANCE, IMPLEMENTATION & TESTING

• Regulatory Strategy and Risk Policy

• Regulatory Policy & Procedure Development & Implementation

• Regulation Assessments

REGULATORY SUPPORT & RESPONSE

• Regulatory Finding Response and Support

RISK MANAGEMENT

• ERM Target Operating Model
• Risk Appetite Statement
• Stress Testing
• Model Risk Management
• Risk Policy / Procedure Development & Implementation

REGULATORY SOLUTIONS & RISK MANAGEMENT

FINANCE & PROCESS TRANSFORMATION

PROCESSES, PROCEDURES & CONTROLS
• Process Mapping and Documentation
• Process and Procedure Optimization / Improvement
• Project Management
• Remediation Support
• Data Analytics
• Policy and Procedure

MERGERS & ACQUISITIONS
• Business Integration Services
• Due Diligence
• IPO Readiness
• Legal Entity Restructuring and Rationalization
• M&A Regulatory Filing Support

TECHNOLOGY SOLUTIONS

IT OPERATIONS & STRATEGY

• IT Strategy and Planning
• IT Operational Gap Analysis
• Benchmarking

TECHNOLOGY SOLUTIONS

• Business System Reviews
• System Implementation Support

IT COMPLIANCE

• IT SOX / ARMICS
• SAS70 / SSAE16 / SOC
• HIPAA / HITECH
• PCI
• ISO 27001 Consulting

INFO SEC AND RECOVERY

• Penetration Testing
• Information Security Reviews
• DR / BCP Services
• Computer Forensics / Incident Response Services

INTERNAL AUDIT & COMPLIANCE

INTERNAL AUDIT
• Co-Sourcing / Outsourcing
• Risk Assessment Services
• Operational Audits
• IT Audit Services
• IA Transformation
• Audit Committee Advisory
• QAR - Quality Assurance
• Fraud Risk Management

COMPLIANCE
• Financial Controls / ARMICS / SOX Compliance
• Compliance Program Development
• Contract Recovery Audits
• Vendor Management Assessments and Consulting