Risk and Control SelfAssessment Meghan Patronella CIA CGAP

  • Slides: 15
Download presentation
Risk and Control Self-Assessment Meghan Patronella CIA, CGAP, CRMA, CFE Senior Internal Auditor IIA

Risk and Control Self-Assessment Meghan Patronella CIA, CGAP, CRMA, CFE Senior Internal Auditor IIA Luncheon July 25, 2019

July 25, 2019 Page 2 Definition • IPPF Audit Standard 2120 – Risk Management

July 25, 2019 Page 2 Definition • IPPF Audit Standard 2120 – Risk Management • A method by which both management and staff collectively identify and evaluate risks and associated controls in sessions facilitated by an Internal Audit (IA) team member. • A process to identify potential events or circumstances that may affect the business unit’s ability to meet its objectives and to create a plan to handle those negative potential events. Risk and Control Self-Assessment

July 25, 2019 Page 3 RCSA versus Audit • RCSA differs from an audit

July 25, 2019 Page 3 RCSA versus Audit • RCSA differs from an audit in that the scope of an RCSA is determined by management; the scope of an internal audit is determined by Internal Audit. • An audit includes testing of transactions to determine whether internal controls are operating as expected. RCSA typically does not include testing within its scope of work. • Any recommendations resulting from an audit are formally followed up on by IA. Follow up for action items resulting from an RCSA project are the responsibility of Risk and Control Self-Assessment management.

July 25, 2019 Page 4 Benefits • Offers a proactive, structured framework for assessing

July 25, 2019 Page 4 Benefits • Offers a proactive, structured framework for assessing and controlling risks potentially before consequences occur. • Provides reasonable assurance to stakeholders regarding the achievement of the unit's objectives. • Increases knowledge and understanding of risk and control concepts. • Integrates risk management practices into the organization’s culture. • Creates a relationship-building opportunity. Risk and Control Self-Assessment

July 25, 2019 Page 5 Steps in RCSA 1. Obtain an understanding of the

July 25, 2019 Page 5 Steps in RCSA 1. Obtain an understanding of the process selected. 2. Hold facilitated session in which participants will: a. b. c. d. e. Identify selected process objective. Identify significant risks to achieving objective. Identify and evaluate control activities to mitigate those risks. Discuss gaps in control design, and Develop an action plan to fill control gaps and mitigate identified risks. 3. Reporting Risk and Control Self-Assessment

July 25, 2019 Risk and Control Self-Assessment Page 6

July 25, 2019 Risk and Control Self-Assessment Page 6

July 25, 2019 Page 7 Fleet Management - Tire Repair and • Replacement Objective:

July 25, 2019 Page 7 Fleet Management - Tire Repair and • Replacement Objective: – To ensure the tires on our fleet and equipment are repaired and or replaced at a frequency that is cost effective and ensures the safety of our operators. • Participants: – 4 levels of management from HQ and every service center as well as operational support staff. Risk and Control Self-Assessment

July 25, 2019 Page 8 E L P M A X E Risk and

July 25, 2019 Page 8 E L P M A X E Risk and Control Self-Assessment

July 25, 2019 Page 9 E L P M A X E Risk and

July 25, 2019 Page 9 E L P M A X E Risk and Control Self-Assessment

July 25, 2019 Page 10 Fleet Management - Tire Repair and • Project Highlights:

July 25, 2019 Page 10 Fleet Management - Tire Repair and • Project Highlights: Replacement – Operational support staff were able to communicate difficulties with our software used to create requisitions. Purchasing immediately developed a temporary workaround to relieve frustration, increase efficiency of requisition entry and greatly reduce the need for the use of a MISC line item. – Provided assurance that proper approvals were being obtained before the vendor started work. Risk and Control Self-Assessment

July 25, 2019 Page 11 Fleet Management - Tire Repair and • Project Highlights:

July 25, 2019 Page 11 Fleet Management - Tire Repair and • Project Highlights: Replacement – Proposed the development of an on-call log to better track the repairs or replacements performed after hours. – Identified key replacement vs. repair decisions so that management could formalize expectations in the procedure. – Identified which key data points should be captured in work orders for tire repairs and replacements to allow Fleet management to analyze process performance. – Obtained a cost savings of roughly $290 k Risk and Control Self-Assessment

July 25, 2019 Other Processes Reviewed • • Computer Hardware Inventory Management Employment Eligibility

July 25, 2019 Other Processes Reviewed • • Computer Hardware Inventory Management Employment Eligibility Verification Contract Solicitations Supply Risk and Control Self-Assessment Page 12

July 25, 2019 Page 13 Reminders… • There will be different outcomes based on

July 25, 2019 Page 13 Reminders… • There will be different outcomes based on the level of participation. • There is more than one way to perform or report on RCSAs. • The process should and will constantly evolve as management’s understanding of risks and controls evolve. Risk and Control Self-Assessment

July 25, 2019 Page 14 Questions Risk and Control Self-Assessment

July 25, 2019 Page 14 Questions Risk and Control Self-Assessment

Risk and Control Self-Assessment Meghan Patronella CIA, CGAP, CRMA, CFE Senior Internal Auditor IIA

Risk and Control Self-Assessment Meghan Patronella CIA, CGAP, CRMA, CFE Senior Internal Auditor IIA Luncheon July 25, 2019

Undertaking effective selfassessment 1 What is selfassessment SelfassessmentUndertaking effective selfassessment 1 What is selfassessment Selfassessment
Tomasz Ganobis CIA CGAP CRMA IA ISO 27001Tomasz Ganobis CIA CGAP CRMA IA ISO 27001
Tomasz Ganobis CIA CGAP CRMA IA ISO 27001Tomasz Ganobis CIA CGAP CRMA IA ISO 27001
Governana das Contrataes Renato Braga CISA CIA CGAPGovernana das Contrataes Renato Braga CISA CIA CGAP
FRAUD Presenters Linda Giovannone CIA CGAP Bernard JFRAUD Presenters Linda Giovannone CIA CGAP Bernard J
Richard F Chambers CIA CGAP Vice President IIARichard F Chambers CIA CGAP Vice President IIA
Heart Healthy Overview Meghan Dawes Pharm D MeghanHeart Healthy Overview Meghan Dawes Pharm D Meghan
Importer SelfAssessment Program ISA 1 Importer SelfAssessment ISAImporter SelfAssessment Program ISA 1 Importer SelfAssessment ISA
SELFASSESSMENT ACTIVITIES ONLINE Selfassessment is about students developingSELFASSESSMENT ACTIVITIES ONLINE Selfassessment is about students developing
ANP 2018 selfassessment guidelines Purpose of the selfassessmentANP 2018 selfassessment guidelines Purpose of the selfassessment
SelfAssessment Halley Belcore Essential Questions What is selfassessmentSelfAssessment Halley Belcore Essential Questions What is selfassessment
OFFICE ERGONOMICS SELFASSESSMENT This selfassessment is designed toOFFICE ERGONOMICS SELFASSESSMENT This selfassessment is designed to
Preparing for SelfAssessment Preparing for SelfAssessment Your opportunityPreparing for SelfAssessment Preparing for SelfAssessment Your opportunity
CIA TEATRAL ATOS CENAS A Cia Teatral AtosCIA TEATRAL ATOS CENAS A Cia Teatral Atos