Organization Audit, Risk and Compliance (ARC) Working Session
November 21, 2017
Reporting Framework (using existing information and reports you already have)
[Diagram: reports feeding into the ARC]
• Financial report on significant budget risks and presentation of financial statements
• Strategic Plan - KPI monitoring: Key Stakeholders with KPIs that are not met present at ARC Meeting
• Memorandum of Understanding (MOU) & other contracts/agreements
• ERM & EH&S report on Cost of Risk, Complex Claims, and Trends
• Legal, Investigations and Whistle Blower matters and trends
• Risk Registry: Key Stakeholders report in on mitigation efforts on top Residual Risks
• Audit Results & Management Responses
• SERMP Management Program: present dashboard on progress
• IT Security Policy Group: brings policies forward for review and approval
Reporting frequencies shown in the diagram: Semiannual, Bimonthly, Quarterly
Let’s Understand Risk: Enterprise Risk Management
[Diagram labels: Risk Aware, Risk Event, At Risk, Risk Impact, Risk Consequence, Risk Identification, Risk Mitigation, Risk Response, Residual Risk]
Possible NEXT STEPS
• December - ARC Charter Document available for review
• January - First ARC meeting wherein Audit, Risk Management, and Compliance issues and findings are presented (these will be issues that have arisen through the routine processes already in place)
• February – March - Development of Risk Assessment and Risk Registry that is aligned with Strategic Plan and KPIs based on review of existing documents, data, and input from ARC Members and others
• June - Presentation of Risk Registry to ARC Committee and 2nd report in on routine audit, risk and compliance issues and findings
• July – December - ARC activities to be developed based on Risk reports