logging in or signing up risk management and audit plan gyanagnihotri Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Copy Does not support media & animations WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 687 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: July 28, 2010 This Presentation is Public Favorites: 1 Presentation Description AUDIT,PLA Comments Posting comment... Premium member Presentation Transcript Risk Management and the Audit Plan : Risk Management and the Audit Plan By Gyan Agnihotri Introduction : Introduction Background and context What is risk management? Why is risk management important? Birmingham City Council’s approach Risk registers Mapping to the audit plan What’s next? Conclusion and questions Background and context - theCIPFA/SOLACE Framework : Background and context - theCIPFA/SOLACE Framework Structures & Processes Standards of Conduct Service Delivery Arrangements Community Focus Risk Management and Internal Control Background and context -CIPFA definition of Internal Audit : Background and context -CIPFA definition of Internal Audit Service Delivery Arrangements Internal Audit is an assurance function that primarily provides an independent and objective opinion to the organisation on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the organisation’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. Source: 2003 Code of Practice for Internal Audit Background and context : Background and context What has BCC done? Reviewed existing Corporate Governance arrangements Adopted the CIPFA/SOLACE framework Prepared and adopted a local Code of Corporate Governance Identified the Strategic Director of Resources as Officer “Corporate Governance Champion” and Deputy Leader as Member “Corporate Governance Champion” Established a Corporate Governance Action Plan Developed the Constitution Worked on embedding Risk Management What is risk management? : What is risk management? Definition: Risk management is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made Source: Solace/Zurich Municipal What is risk management? : What is risk management? It is a tool that can help to prioritise where resources should be targeted. Failure to manage risk effectively may result in financial losses, disruption to services, threats to public health and safety, bad publicity or claims for compensation. Need to ask: What are the barriers to us achieving our targets/plans? What are the worse things that could happen to us? How likely are they to happen? Are sufficient steps being taken to prevent them from happening? What is risk management? : What is risk management? Why is risk management important? : Why is risk management important? Need to manage the risks identified, have clear action plans with measurable performance indicators/targets, key dates and responsible officers in place. Need to monitor how effective the action plans are at reducing the risk impact/likelihood. If not effective a different approach to manage the risk needs to be put in place. BCC approach to Risk Management : BCC approach to Risk Management Risk management strategy approved by Cabinet July 2001, updated in October 2002 and again in 2004. Risk Champion nominated by each Directorate’s Management Team. Initial training provided to Risk Champions and some staff within Birmingham Audit by Zurich. Head of Birmingham Audit tasked with leading on risk management - presentations done to Management Teams, facilitation at risk identification workshops. Briefings/training provided to Divisional reps. Risk management documents updated and distributed - internally and externally. abc Risk Registers : Risk Registers Directorate risk registers produced and top 10 - 15 risks per Directorate nominated to form basis of first Corporate Risk Register. Corporate risk management group formed - currently consists of Deputy Leader, Strategic Director of Resources, Director of Performance Improvement and the Head of Birmingham Audit. Corporate risk register updated. Now working to develop Divisional and Service level risk registers. Also applied to projects. Corporate Risk Register process has been altered to try to speed up the refresh process and include “issues” as well as risks. Risk Register : Risk Register abc Action Plan : Action Plan Mapping to the Audit Plan : Mapping to the Audit Plan Early days yet but we are: Using the areas highlighted on the Corporate Risk Register to identify areas for audit review. Using Directorate risk registers to inform the audit plan and the focus of work programmes Using risk management approach to help with areas of known vulnerability. Auditing the risk management process too! What’s next? : What’s next? We have purchased Magique - a computerised risk management system that integrates with our audit management system (Galileo) and will help to drive the risk based plan. Magique is being customised to suit our needs and is being tested. We plan to pilot Magique by using it for the Corporate Risk Register and a volunteer Directorate / Division. We will use the information from the registers and action plans to identify the key controls to be audited and to highlight where risks are severe but not being managed. Conclusion and questions : Conclusion and questions Concluding points: Stress that risk management is not new - it is good management practice. Link in with business planning and performance management. Keep in mind the bigger picture regarding Corporate Governance and Assurance Statements. Internal Audit cannot ignore risk management. Any questions? thanks : thanks You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
risk management and audit plan gyanagnihotri Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Copy Does not support media & animations WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 687 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: July 28, 2010 This Presentation is Public Favorites: 1 Presentation Description AUDIT,PLA Comments Posting comment... Premium member Presentation Transcript Risk Management and the Audit Plan : Risk Management and the Audit Plan By Gyan Agnihotri Introduction : Introduction Background and context What is risk management? Why is risk management important? Birmingham City Council’s approach Risk registers Mapping to the audit plan What’s next? Conclusion and questions Background and context - theCIPFA/SOLACE Framework : Background and context - theCIPFA/SOLACE Framework Structures & Processes Standards of Conduct Service Delivery Arrangements Community Focus Risk Management and Internal Control Background and context -CIPFA definition of Internal Audit : Background and context -CIPFA definition of Internal Audit Service Delivery Arrangements Internal Audit is an assurance function that primarily provides an independent and objective opinion to the organisation on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the organisation’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. Source: 2003 Code of Practice for Internal Audit Background and context : Background and context What has BCC done? Reviewed existing Corporate Governance arrangements Adopted the CIPFA/SOLACE framework Prepared and adopted a local Code of Corporate Governance Identified the Strategic Director of Resources as Officer “Corporate Governance Champion” and Deputy Leader as Member “Corporate Governance Champion” Established a Corporate Governance Action Plan Developed the Constitution Worked on embedding Risk Management What is risk management? : What is risk management? Definition: Risk management is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made Source: Solace/Zurich Municipal What is risk management? : What is risk management? It is a tool that can help to prioritise where resources should be targeted. Failure to manage risk effectively may result in financial losses, disruption to services, threats to public health and safety, bad publicity or claims for compensation. Need to ask: What are the barriers to us achieving our targets/plans? What are the worse things that could happen to us? How likely are they to happen? Are sufficient steps being taken to prevent them from happening? What is risk management? : What is risk management? Why is risk management important? : Why is risk management important? Need to manage the risks identified, have clear action plans with measurable performance indicators/targets, key dates and responsible officers in place. Need to monitor how effective the action plans are at reducing the risk impact/likelihood. If not effective a different approach to manage the risk needs to be put in place. BCC approach to Risk Management : BCC approach to Risk Management Risk management strategy approved by Cabinet July 2001, updated in October 2002 and again in 2004. Risk Champion nominated by each Directorate’s Management Team. Initial training provided to Risk Champions and some staff within Birmingham Audit by Zurich. Head of Birmingham Audit tasked with leading on risk management - presentations done to Management Teams, facilitation at risk identification workshops. Briefings/training provided to Divisional reps. Risk management documents updated and distributed - internally and externally. abc Risk Registers : Risk Registers Directorate risk registers produced and top 10 - 15 risks per Directorate nominated to form basis of first Corporate Risk Register. Corporate risk management group formed - currently consists of Deputy Leader, Strategic Director of Resources, Director of Performance Improvement and the Head of Birmingham Audit. Corporate risk register updated. Now working to develop Divisional and Service level risk registers. Also applied to projects. Corporate Risk Register process has been altered to try to speed up the refresh process and include “issues” as well as risks. Risk Register : Risk Register abc Action Plan : Action Plan Mapping to the Audit Plan : Mapping to the Audit Plan Early days yet but we are: Using the areas highlighted on the Corporate Risk Register to identify areas for audit review. Using Directorate risk registers to inform the audit plan and the focus of work programmes Using risk management approach to help with areas of known vulnerability. Auditing the risk management process too! What’s next? : What’s next? We have purchased Magique - a computerised risk management system that integrates with our audit management system (Galileo) and will help to drive the risk based plan. Magique is being customised to suit our needs and is being tested. We plan to pilot Magique by using it for the Corporate Risk Register and a volunteer Directorate / Division. We will use the information from the registers and action plans to identify the key controls to be audited and to highlight where risks are severe but not being managed. Conclusion and questions : Conclusion and questions Concluding points: Stress that risk management is not new - it is good management practice. Link in with business planning and performance management. Keep in mind the bigger picture regarding Corporate Governance and Assurance Statements. Internal Audit cannot ignore risk management. Any questions? thanks : thanks