CUAV Conference Risk Assessment, May 18, 2015
Dec 24, 2015
Risk Assessment
Definition:
“The identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk.”
Steps in Performing Risk Assessment:
• Identify events that could affect achievement of organizational goals
• Review strategic plan
• Determine risk tolerance
• Assess likelihood and impact of risks
• Bring it all together and report out
• Continuously monitor and adjust throughout the year
Key Considerations:
• Internal controls
• Data management and security
• Changes in operating environment
• New personnel
• New technology
Key Considerations (continued):
• New business models, products or activities
• Organizational restructuring or expanding operations
• Regulatory requirements
• Fraud
Assessing Likelihood and Impact of Risks:
Interview:
• Select Board Members
• Senior Management
• Key Managers
Challenges / Pitfalls:
• Treating it like a project, instead of a continuous process throughout the year
• Not realizing the value of the process
• Poor communication of results
• Poor identification of next steps
• Amount of information gathered is difficult to interpret and use
• Risk assessments are stale, same results every time
Benefits / Opportunities for Value:
• Prioritization of risks; ranking of High, Med, Low
• Ability to view and manage risks that span multiple business or functional areas
• Can detect changes that may impact the overall environment and get ahead of them
• Organizational commitment and cooperation
• Collaborative risk discussions
Detailed Risk Assessment Example
Association of College and University Auditors Risk Areas
Alumni Affairs and University Relations:
• External Services
• Stakeholder Relations
Asset and Risk Management:
• Emergency Preparedness
• Endowment & Development
• Environmental Health & Safety
Auxiliary and Service Departments:
• Athletics (NCAA)
• Auxiliary Enterprises Administration
• Bookstore
• Housing
• Police
• Recreation & Athletic Centers
• Service Centers -- Auxiliary
• Special Events Center
Financial Management:
• Accounting
• Accounts Receivable
• Accounts Payable
• Capital Assets
• Cash Handling & Management
• Closing Process
• Expenses
• Financial Reporting
• Payroll
• Revenue
Governance & Leadership:
• Governance
• Legal
• Strategic Management
Hospital (Medical Center) and Patient Care:
• Charge Capture & Collection
• Compliance
• Hospital Building & Facilities
• Hospital Equipment & Supplies
• Hospital Human Resources
• Patient Care
• Patient Information & Privacy
Human Resources:
• Benefits
• Other Human Resources
Information Technology:
• IT Admin Support
• IT Customer Service
• IT Data Security
• IT Development & Research
• IT Operations
• IT Strategic Planning & Governance
Instruction and Academic Support:
• Academic Administration
• Academic Records Management
• Academic Reporting
• Academic Support
• Course & Curriculum Development
• Instruction
• International Affairs
Plant Operations and Maintenance:
• Building Maintenance
• Custodial Services
• Landscape & Grounds
• Major Repair & Renovation
• Motor Pool
• Physical Plant Administration
• Utilities
Purchasing & Warehousing:
• Inventory Management
• Procurement
• Receiving
• Vendor Management
Research and Development:
• Compliance
• Conflicts of Interest
• Facilities & Equipment
• Grants Accounting
• Human Subjects & Animal Research
• Intellectual Property
• Pre-award & Award Acceptance
• Research Administration
• Research Financials
• Research Quality
• Research Safety
• Research Security
• Trademarks
Student Services:
• Admissions
• Counseling Services
• Dining
• Enrollment Management
• Financial Aid
• Health Services
• Registration
• Student Centers & Activities
• Student Judicial Affairs
Questions?
Ben Sady, 804.474.1267
Chris Kalafatis, 804.474.1270
Appendix: DHG Risk Advisory Service Lines
REGULATORY SOLUTIONS & RISK MANAGEMENT
STRATEGY, GOVERNANCE, IMPLEMENTATION & TESTING
• Regulatory Strategy and Risk Policy
• Regulatory Policy & Procedure Development & Implementation
• Regulation Assessments
REGULATORY SUPPORT & RESPONSE
• Regulatory Finding Response and Support
RISK MANAGEMENT
• ERM Target Operating Model
• Risk Appetite Statement
• Stress Testing
• Model Risk Management
• Risk Policy / Procedure Development & Implementation
FINANCE & PROCESS TRANSFORMATION
PROCESSES, PROCEDURES & CONTROLS
• Process Mapping and Documentation
• Process and Procedure Optimization / Improvement
• Project Management
• Remediation Support
• Data Analytics
• Policy and Procedure
MERGERS & ACQUISITIONS
• Business Integration Services
• Due Diligence
• IPO Readiness
• Legal Entity Restructuring and Rationalization
• M&A Regulatory Filing Support
TECHNOLOGY SOLUTIONS
IT OPERATIONS & STRATEGY
• IT Strategy and Planning
• IT Operational Gap Analysis
• Benchmarking
TECHNOLOGY SOLUTIONS
• Business System Reviews
• System Implementation Support
IT COMPLIANCE
• IT SOX / ARMICS
• SAS70 / SSAE16 / SOC
• HIPAA / HITECH
• PCI
• ISO 27001 Consulting
INFO SEC AND RECOVERY
• Penetration Testing
• Information Security Reviews
• DR / BCP Services
• Computer Forensics / Incident Response Services
INTERNAL AUDIT & COMPLIANCE
INTERNAL AUDIT
• Co-Sourcing / Outsourcing
• Risk Assessment Services
• Operational Audits
• IT Audit Services
• IA Transformation
• Audit Committee Advisory
• QAR - Quality Assurance
• Fraud Risk Management
COMPLIANCE
• Financial Controls / ARMICS / SOX Compliance
• Compliance Program Development
• Contract Recovery Audits
• Vendor Management Assessments and Consulting