Risk Management short practical guidance
- Vernon Casey
- 7 years ago
April 2014

Introduction

Risks are related to potential problems or situations that, if they materialise, could negatively affect the achievement of the Organisation's objectives and outputs as defined in the biennial Programme and Budget. At the same time, conscious and controlled risk taking is required to seize emerging opportunities.

Risk management is a systematic way of gathering, evaluating, recording and disseminating information leading to action in response to identified risks. It is an internal management tool that today is also used by most international organisations. Risk Management is foreseen in the CoE Financial Regulations and, based on positive pilot exercises, it was decided in January 2014 that systematic risk management is introduced in the whole Organisation.

Risk management is not a one-off but a continuous exercise in four main stages:

1. Identifying risks,
2. Assessing risks (their likelihood and potential impact, enabling them to be prioritised),
3. Addressing risks (mitigating the occurrence or impact of adverse events and maximising the likelihood that objectives will be achieved), and
4. Reviewing and reporting on risks (the status and effectiveness of mitigating controls or action).

How to prepare a risk register?

The key requirement is a risk register table, prepared and followed up at the MAE level. The following summarises the steps for preparing the risk register using the template in table 4 at the end of this document. The template contains some examples as illustration.

While using the steps shown below, the level of involvement of individual staff should be adapted according to the size of the MAE/directorate. This is at the same time a team building exercise and increases the communication among the staff. Foresee several sessions; you may need a break between them to gather new ideas and reflect on the draft elements established.

If possible, invite an external moderator in order to help in compiling and assessing the risks and agreeing on follow-up action. DIO is ready to participate in the preparation before, during and after such sessions to provide methodological support.

Step 1: Recall the strategic objective

The point of departure is the relevant strategic objective as per the Programme and Budget document; please enter it into the line "Strategic Objective" of the risk register in table 4 below.
Step 2: Identify risks

The following question should be answered: What can put the achievement of strategic and other objectives at risk? Specific risks, each belonging to a defined risk area, should be described in the risk register (table 4 below).

To start the process each staff member (or manager in bigger MAEs) should list the five most important risks regarding their line of work. The focal point for the risk assessment, or the heads of units, should fill them into the draft risk register table.

It is important to prepare the risk register with different risk areas and angles in mind but it is not necessary to address all the risk areas listed below. The MAE's overall register should generally not contain more than specific risks in order to remain operational. However, fraud risks should always be considered. The identified risks should be largely actionable by the MAE and not only depend on organisation-wide actions and additional resources.

Table 1: Main types of risk areas in the CoE context

Risk area: Examples

- Communication and reputation: Lack of visibility, incorrect information, information leaks, bad performance, unethical behaviour of staff.
- Political risks: Politically incorrect action/decision, non-implementation by states, lack of political support, member states leaving the organisation.
- Management: Deficient forecasting/planning/management, weaknesses in conflict resolution, inefficient processes, etc.
- Safety and security: Security of staff in the workplace, work accidents, protection of property, break-ins or intrusions.
- Human resources: Lack of motivation, imbalanced work load distribution, loss of key staff, recruitment duration and constraints, legal disputes, falsified diplomas, baseless claims for family or other allowances, etc.
- Financial: Excess costs, shortfalls in income, failure to achieve potential savings, procurement issues, financial losses, embezzlement, etc.
- Legal: Contractual risk, risk of legal action, obligations towards third parties, etc.
- IT or technical: Computer system deficiencies, loss of data, equipment failures, etc.

During a meeting or a retreat, compile all risks in one table for the MAE and strive for a consensus about the assessment of the risks. Identifying particularly sensitive or confidential risks is an important part of the risk management process. If so wished, such risks can be brought to the exclusive attention of the Secretary General, who will look at all key risks of the CoE Risk Register.

Step 3: Likelihood and impact analysis

The following definitions are used for likelihood (probability of occurrence) and impact determination. The categories are qualitative and are best established in a group discussion. The results of the assessment are again entered in the columns under "risk assessment" in the risk register (table 4 below).

Table 2: Risk likelihood and impact categories

Likelihood: Definition

- High: The risk is very likely to occur and controls are ineffective.
- Medium: The risk is likely to occur and controls have some effect.
- Low: The risk is not likely to occur and controls are effective.

Impact: Definition

- High: Severe adverse effects on organisational operations, assets, or individuals expected.
- Medium: Serious adverse effects on organisational operations, assets, or individuals expected.
- Low: Limited adverse effects on organisational operations, assets, or individuals expected.

Step 4: Determine the risk exposure

When the risks have been analysed by likelihood and impact they can be categorised as in the graph below. High impact and high likelihood combined give the highest risks which need considerable management effort to address them (shown as red), medium impact and medium likelihood risks require still management attention (shown as orange) while on the other hand low impact and low likelihood risks can be accepted (shown as green). The results are entered into the column "exposure" in the risk register table 4 below.
Table 3: Risk heat map (risk management actions by impact and likelihood)

High impact:
- Low likelihood: Management required (AMBER)
- Medium likelihood: Must actively manage and monitor risks (RED)
- High likelihood: Considerable management effort essential (RED)

Medium impact:
- Low likelihood: Risks may be worth accepting with monitoring (GREEN)
- Medium likelihood: Management required (AMBER)
- High likelihood: Must actively manage and monitor risks (RED)

Low impact:
- Low likelihood: Accept risks (GREEN)
- Medium likelihood: Accept, but monitor risks (GREEN)
- High likelihood: Management required (AMBER)

Step 5: Prepare the risk mitigation action

The next step is to develop action addressing the various risks, starting with the most urgent ones in red, and put them into table 4 below. The most common categories of possible action are:

- Prevention: Prevent the risk from materialising or prevent it from having an impact on objectives;
- Reduction: Reduce the likelihood of the risk developing or limit the impact in case it materialises;
- Transference: Pass the impact of the risk to a third party (for example via an insurance policy);
- Contingency plan: Prepare actions to implement should the risk occur;
- Acceptance: Accept the possibility that the risk may occur and go ahead without further measures to address the risk.

A key part of the preparation of the action is to define target dates for implementing the mitigating actions and to name the Risk Manager and the Risk Owner. Each risk is assigned to a single Risk Owner in order to clarify the accountability. Risk Owners are generally the Commitment Officers who are responsible for the implementation of the action items and will report on them to the Secretary General. The Risk Manager implements the mitigation action and reports to the Risk Owner.

Step 6: Complete the risk register and send it to DIO / follow-up

The last step is to complete the risk register in table 4 below and to send it to DIO by the set deadline. DIO will aggregate all risk registers received to a draft organisation-wide Risk Register for submission to the Secretary General and discussion by the Senior Management Group.

The central as well as specific risk registers need to be reviewed at least once per year in order to remain up-to-date and to assure accountability for the actions identified. DPFL, DIO and the Oversight Advisory Committee (previously called Audit Committee) will also use the CoE Risk Register.

Thank you for your cooperation.

Prepared by the Directorate of Internal Oversight.
Table 4: MAE Risk Register (with example from DIO)

Strategic objective: the DIO provides independent oversight to support the Secretary General and senior managers in fulfilling their responsibilities for the effective management of resources of the Organisation through internal audit, evaluation and investigation services.

Compiled by: DIO staff
Reviewed by: A Eussner
Review date: January 2014

Columns: Risk Nr; Risk area as per table 1; Specific risks in risk area; Risk assessment (Impact [1], Likelihood [1], Exposure [2]); Internal controls currently in place; Additional actions planned to mitigate risks identified; Target date for implementing the actions planned; Risk Manager and Risk Owner.

[1] High, Medium or Low
[2] Red, Amber or Green

Risk Nr 1, risk area: Human resources

Specific risk: Losing key staff
- Impact: M
- Likelihood: H
- Exposure: RED
- Internal controls currently in place: Staffing table of the directorate as per budget and programme
- Additional actions planned: Develop staff (training, certification); offer stable employment; motivate; recognise efforts
- Target date: Continuous
- Risk Manager and Risk Owner: Head of division X; Director of Department Y

Specific risk: Recruitment constraints
- Impact: M
- Likelihood: M
- Exposure: AMBER
- Internal controls currently in place: Staff policy
- Additional actions planned: Pro-active and forward looking staff planning; clear and specific job description in vacancy notices
- Target date: Continuous
- Risk Manager and Risk Owner: Head of division X; Director of Department Y

Specific risk: Insufficient consultancy funds
- Impact: M
- Likelihood: M
- Exposure: AMBER
- Internal controls currently in place: Budget controls
- Additional actions planned: Clarify criteria for the distribution of funds among divisions; agree on the distribution before work programmes are agreed
- Target date: I/2014
- Risk Manager and Risk Owner: Head of division X; Director of Department Y
More informationProcurement of Goods, Services and Works Policy
Procurement of Goods, Services and Works Policy Policy CP083 Prepared Reviewed Approved Date Council Minute No. Procurement Unit SMT Council April 2016 2016/0074 Trim File: 18/02/01 To be reviewed: March
More information7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers
Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4
More informationManagement. Level 4 NVQ Diploma in Management (QCF) 2014 Skills CFA Level 4 NVQ Diploma in Management (QCF) Page 1
Management Level 4 NVQ Diploma in Management (QCF) 2014 Skills CFA Level 4 NVQ Diploma in Management (QCF) Page 1 Level 4 NVQ Diploma in Management Qualification Title Credit Value Level 4 Structure Reference
More informationEnterprise Risk Management, Compliance, Management Advisory Services: An Integrated Approach
Enterprise Risk Management, Compliance, and Management Advisory Services: An Integrated Approach SCCE s Higher Education Compliance Conference June 13, 2011 Objectives Implementing Enterprise Risk Management
More informationUtilizing Defect Management for Process Improvement. Kenneth Brown, CSQA, CSTE kdbqa@yahoo.com
Utilizing Defect Management for Process Improvement Kenneth Brown, CSQA, CSTE kdbqa@yahoo.com What This Presentation Will Cover How to Appropriately Classify and Measure Defects What to Measure in Defect
More information1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of
UNIDO/DGB/(M).92/Rev.3 28 January 2015 Distribution: All staff members at headquarters, established offices and permanent missions 1. This bulletin, which contains the Charter of the Office of Internal
More informationDIRECTOR OF PEOPLE & ORGINAISATIONAL DEVELOPMENT NICK MERNOCK EMPLOYEE SUCCESSION PLANNING STRATEGY
AGENDA ITEM: REPORT TO: POLICY & FINANCE COMMITTEE DATE: 19 TH OCTOBER, 2006 REPORT NO. REPORTING OFFICER: CONTACT OFFICER: OFFICERS CONSULTED: SUBJECT: CFO/193/06 CHIEF FIRE OFFICER DIRECTOR OF PEOPLE
More informationDERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY
DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1
More informationGENERAL TERMS OF SERVICE OF THE BUDAPEST STOCK EXCHANGE LTD. BOOK EIGHT REGULATIONS ON OPERATIONAL RISK MANAGEMENT
BOOK EIGHT REGULATIONS ON OPERATIONAL RISK MANAGEMENT 1 TABLE OF CONTENTS CHAPTER 1 PURPOSE, SUBJECT MATTER, FUNDAMENTAL PRINCIPLES AND SCOPE OF THE REGULATIONS ON OPERATIONAL RISK MANAGEMENT... 3 1 PURPOSE
More informationICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan
ICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan What is a Risk Register? A Risk Register is a document which outlines the potential threats to the ongoing operation of an organisation,
More informationSUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS
SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank
More informationRisk Management Policy and Process Guide
Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including
More informationAPPLICABLE TO: Flow Systems Group and all employees. Risk Management
PURPOSE: Flow Systems is committed to managing its risks and ensuring compliance with all relevant laws and regulations in a proactive, on-going and positive manner. This document outlines Flow s Risk
More informationInformation Management Responsibilities and Accountability GUIDANCE September 2013 Version 1
Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1 Document Control Document history Date Version No. Description Author September 2013 1.0 Final Department of
More informationHow To Understand The Importance Of Internal Control
FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED CODE OCTOBER 2005 FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED
More informationUniversity of New England Compliance Management Framework and Procedures
University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system
More information