Sample mat wrkpln

Published in: Economy & Finance, Business

Transcript

  • 1. Sample Enterprise Risk Management Work Plan, Fiscal Years 20XX and 20YY (Revised June 2009)
    [Figure: COSO cube. Objective categories: Strategic, Operations, Reporting, Compliance. Components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring. Levels: Department, School, Systemwide, Campus.]
    COSO Element: Internal Environment / Objectives Setting
    Element Purpose: The internal environment encompasses the management tone of the campus/medical center, and sets the basis for how risk is viewed and addressed by all employees. It includes the campus/medical center’s risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. Within the context of the campus/medical center’s mission, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise. The enterprise risk management framework is geared to achieving objectives, in four categories:
      • Strategic – high-level goals, aligned with and supporting our mission
      • Operations – effective and efficient use of our resources
      • Reporting – reliability of reporting
      • Compliance – compliance with applicable laws and regulations.
    ERM Initiative Goals:
      • Develop a campus/medical center risk management philosophy, and a culture that promotes compliance with top management’s risk appetite, allowing managers to manage risks within their spheres of responsibility consistent with established risk tolerances.
      • Develop a campus/medical center environment in which risk assessment and risk management (mitigation) is integrated into all business practices and decision-making activities.
    Internal Environment / Objectives Setting
    Table columns: Objectives; Focus Areas; Project Description; Deliverables; Lead; Timetable; Maturity Level*
    Objective: Articulate ERM philosophy regarding risk management, risk appetite, and risk tolerances
      Focus Area: Steering Committee or work group
        Project Description: Steering Committee will oversee efforts to identify, assess, measure, respond, monitor, and report risks.
        Deliverables: Formalization of ERM Steering Committee and Charter
      Focus Area: Policy
        Project Description: Develop a comprehensive risk management policy, governance structure and procedures to assess campuswide risks, develop action plans to mitigate the identified risks, and monitor the risks identified on an ongoing basis.
        Deliverables: Policy on Managing Risks
    * Many referenced documents are available in the ERM toolkit: http://www.ucop.edu/riskmgt/erm/toolkit.html
  • 2. COSO Element: Event Identification / Risk Assessment
    Element Purpose: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
    ERM Initiative Goals:
      • Provide a portfolio view of risks (financial, environmental, research non-compliance, workplace disagreements and injuries, claims and lawsuits, and new and emerging risks) across the entire campus.
      • Assist the campus/medical center and individual units identify and assess risks, develop action plans to mitigate the identified risks, and monitor the risks identified on an ongoing basis to ensure management’s risk responses are carried out effectively.
    Event Identification / Risk Assessment
    Table columns: Objectives; Focus Areas; Project Description; Deliverables; Lead; Timetable; Maturity Level*
    Objective: Identify risks across campus
      Focus Area: Risk Survey
        Project Description: Survey leaders to identify risks across campus – financial, environmental, research, workplace, claims and lawsuits, and new and emerging risks
        Deliverables:
          • Meeting with key stakeholders
          • Listing of campuswide risks, prioritized based on likelihood of occurrence and impact to campus
    Objective: Enable the various units on campus/medical center perform their own risk and control assessments
      Focus Area: On-line Risk and Controls Self-Assessment Tools
        Project Description: Questions and check lists for departments to examine processes and procedures for efficiency and effectiveness. These tools can be used to monitor selected risks controls across campus/medical center.
        Deliverables: Online checklists
          • Separation of duties
          • Cash handling
          • Others as identified
        Project Description: Develop an analysis tool assisting departments in assessing risk for an event or activity at the start of the contracting process.
        Deliverables: Analysis tool identifying strategic, operating, reporting, and compliance risks
    Objective: ERM Assessments completed prior to approval of new ventures
      Focus Area: Tool – ERM Assessment
        Project Description: Multidisciplinary group and owners complete ERM Assessment exercise.
        Deliverables: Report is completed and strategy developed.
    Objective: ERM Goals and Objectives aligned with Strategic Plan
      Focus Area: ERM Strategic Goal Programs
        Project Description: Survey completed based on Goals and Objectives/key departments.
        Deliverables: Report to Chancellor on risk that could impact strategic plan.
    Objective: Risks are analyzed
      Focus Area: Risk Mapping
        Project Description: Risk Map completed at department or campus level.
        Deliverables: Report completed on Risk Mapping evaluation.
  • 3. COSO Element: Risk Response/Control Activities
    Element Purpose: Policies and procedures are established and implemented to help ensure the risk responses (avoiding, accepting, reducing, or sharing risk) align with management’s risk tolerances and risk appetite, and are effectively carried out.
    ERM Initiative Goals: Assist the campus/medical center and individual units in identifying and assessing risks, develop action plans to mitigate the identified risks, and monitor the risks identified on an ongoing basis to ensure management’s risk responses are carried out effectively.
    Risk Response/Control Activities
    Table columns: Objectives; Focus Areas; Project Description; Deliverables; Lead; Timetable; Maturity Level*
    Objective: Assist the campus with risk response and control activities that cross multiple operating and/or control units
      Focus Area: ERM Process Reviews
        Project Description: Assist in developing action plans to mitigate identified risks using the ERM process
        Deliverables:
          • Controlled Substances Program
          • Recommendations for improving the process for Reasonable Accommodations
          • Report on investigations
    Objective: Determine the current level of ERM activities on campus
      Focus Area: ERM Activities
        Project Description: Survey current ERM activities and communicate results to VC-Administration
        Deliverables: Survey on Enterprise Risk Management
    Objective: Identify where key risk and performance indicator data are located on campus/medical centers
      Focus Area: Develop indicators
        Project Description: Identify location of data for monitoring key risk and performance indicators.
        Deliverables: Data location listing completed
    Objective: Determine root cause of risk and develop risk mitigation plan
      Focus Area: Retrospective Reviews
        Project Description: Risk Management brings risk owners together post settlement for review.
        Deliverables: Retrospective reviews on all losses >$50,000.
    Objective: Preplanning for Mission interruption is ongoing and sustainable
      Focus Area: UC Ready
        Project Description: Business/Mission continuity plans are developed at department level.
        Deliverables: Increase in number of plans completed.
    Objective: Performance Management is ongoing and sustainable.
      Focus Area: Balance Score Card
        Project Description: Vision, strategy, objectives and goals are set and measured.
        Deliverables: Balance Score Card program is implemented.
  • 4. COSO Element: Information and Communication
    Element Purpose: Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
    ERM Initiative Goals: Establish and maintain a campus communications structure/support network to support the University’s risk management philosophy.
    Information and Communication
    Table columns: Objectives; Focus Areas; Project Description; Deliverables; Lead; Timetable; Maturity Level*
    Objective: Act as a campus resource for information on risk and control topics, links and best practices
      Focus Area: Web Site
        Project Description: The Controls, Accountability and Risk Management Office web site will be enhanced to provide useful information and links
        Deliverables: Enhanced web site
    Objective: Push out to the campus, risk and control issues
      Focus Area: Newsletter
        Project Description: In partnership with Audit and Advisory services, the staff will produce a newsletter called “Risky Business.”
        Deliverables: Semi-annual newsletter
    Objective: Facilitate greater understanding of ERM
      Focus Area: Training LMS
        Project Description: Local training on applying the ERM model to unit activities
        Deliverables: One-hour informational sessions
    Objective: Institutional knowledge and training is continuously improved.
      Focus Area: LMS
        Project Description: Content is developed and training is promoted.
        Deliverables: Increase in documented training.
  • 5. COSO Element: Monitoring
    Element Purpose: Control activities are monitored, and modifications are made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
    ERM Initiative Goals:
      • Develop measures for monitoring key risks and communicate findings to responsible executives.
      • Assist the campus and individual units identify and assess risks, develop action plans to mitigate the identified risks, and monitor the risks identified on an ongoing basis.
    Monitoring
    Table columns: Objectives; Focus Areas; Project Description; Deliverables; Lead; Timetable; Maturity Level*
    Objective: Answer the question, “Are our controls adequately mitigating risks so that the campus can achieve its goals?”
      Focus Area: Metrics Development
        Project Description: Develop key risk indicators and key performance indicators. The project will include developing a means of communicating the indicators to decision makers. The project would build on the work done at the campus/medical centers.
        Deliverables:
          • Simple dashboard for annually monitoring the key risk and performance indicators
          • On-line dashboard for communicating selected monthly key risk and performance indicators
