HARVARD UNIVERSITY Risk Management & Audit Services FAD DEPARTMENT OVERVIEW: Risk Management & Audit Services March 11, 2008 Who We Are HARVARD UNIVERSITY Risk Management & Audit Services Mission HARVARD UNIVERSITY Risk Management & Audit Services “To assist University management and governing boards in identifying, managing and mitigating risk and ensuring risk management processes are integrated into the University’s business practices and academic and research activities” We offer independent, objective assurance and consulting services to our customers. Our approach is to bring a systematic, disciplined, and proactive approach to evaluate and improve the effectiveness of risk management and control processes. • Risk Assessment • Loss Prevention • Control Enhancement ROLE HARVARD UNIVERSITY Risk Management & Audit Services • Value-Add services Recommend cost effective measures to improve controls and reduce exposures to risk • Promoter of Change Work with management to implement new processes including monitoring techniques • Independence Independent mental attitude to make objective professional judgments • Objectivity Report matters as they are, rather than as one would like them to be Fiscal Year 2008 Goals • – – – – HARVARD UNIVERSITY Risk Management & Audit Services Complete the Risk Management & Audit Services Work Plan Provide effective audit coverage aligned with University risks Monitor risk exposures Perform risk assessments Renew insurance policies • Reach out to the Schools/departments – Customized consultation on risks, internal controls and insurance requirements • Minimize probability, occurrence and financial impact • Improve control environment – Internal controls assessments using operations self assessment tool • Support assessment of emerging trends – New regulations or industry standards – Provide resources to identify, assess and communicate impact of emerging risks and existing business risks – Identify and evaluate insurance programs Fiscal Year 2008 Goals • HARVARD UNIVERSITY Risk Management & Audit Services Standardize the construction audit and reporting process. • Provide ongoing support to the JCI in the oversight and monitoring of risk and University financial operations and compliance controls. Advance accountability – Monitor internal metrics – Advance accountability with senior management through engagement in audit closing process and development of agreed-to actions. • • Expand the University Hotline services – Roll out web-based anonymous reporting – Develop and implement Hotline remarketing and communication plan. Financial, Operational & Compliance Audit Group HARVARD UNIVERSITY Risk Management & Audit Services • Performs Financial, Operational & Compliance audits - Risk based approach - Compliance audits include A-133 & NCAA - Facilitates control self-assessments - Manages external consultants Director Open Team Matthew Boudreau Kevin FitzPatrick Amy Garganta Michael Monaghan Greg Murray LaToyia Snype Paul Stone Miriam Vazquez • Teams up with Information Systems Group on Integrated Audits • Provides Advisory Services such as consultation on policy development and new procedures • Develops and delivers training on internal control matters including student organizations • Follows up on audit findings - PAA Construction Audit Group HARVARD UNIVERSITY Risk Management & Audit Services • Manages external audit consultants in performing audits of construction projects >$5M • Performs audits of select construction projects <$5M • Consults with project managers on construction issues • Identifies and communicates construction audit trends • Serves on various committees i.e. contract language, construction management, site security Construction Auditor Neal Milden Strategic Planning HARVARD UNIVERSITY Risk Management & Audit Services • Manages risk assessment process • Performs risk analysis – evaluates likelihood and impact of risks identified • Staffs Risk Management Committee • Prepares and monitors department budget • Manages compliance hotline reports • Special Projects Manager Amanda Dicob Information Systems Audit Group • Performs Information Systems Audits; evaluates system security, data integrity, reliability and availability • Performs IT Governance audits using CoBIT HARVARD UNIVERSITY Risk Management & Audit Services Associate Director James Yung Team Ruth Arseneau Rick Kellan Kevin Littlefield Gary Murphy • Conducts compliance audits – PCI, HIPAA and FERPA regulations • Participates on committees focused on security policy • Facilitates control self assessments with management • Supports department electronic risk assessment and working paper application; currently implementing a new application • Follows up on audit findings Insurance Group HARVARD UNIVERSITY Risk Management & Audit Services • Manages the University’s insurance portfolio (property & casualty, D&O, Auto, Fine Arts, kidnapping and ransom etc) - self insurance - commercial insurance • Administers the owner-controlled insurance program for construction projects • Manages relationships with brokers and third party administrators • Manages claims o Adjusts claims o Manages recovery o Pursues subrogation against third parties Director Open Team Johanna Delahunty Mark Frazier Roy Gray Victor Greene • Administers ISOS service contract; responds to inquiries and requests • Identifies new areas of exposure; collaborates with others to implement ways to mitigate risk e.g. loss prevention programs, insurance, training etc. • Consults on insurance and risk management, including contract review Where We Are HARVARD UNIVERSITY Risk Management & Audit Services 3rd Floor – Financial, Operational & Compliance Construction Information Systems Insurance 1033 Massachusetts Avenue Current Openings Position HARVARD UNIVERSITY Risk Management & Audit Services Group Hiring Manager Director, Financial, Operational Financial, Operational & Director, RMAS & Compliance Audit Compliance Audit Director, Insurance & Risk Strategy Owner-Controlled Insurance Manager (to be posted) Asst. Dir. of Audits and Compliance (to be posted) Administrative Assistant Insurance Insurance Director, RMAS Director, Insurance Financial, Operational & Director, Financial, Compliance Audit Operational, & Compliance Audit RMAS Director, RMAS Evaluating need for additional resources to support property and casualty and claims in insurance. General Qualifications HARVARD UNIVERSITY Risk Management & Audit Services AUDIT: • BS – Accounting, Business Administration, Finance, Information Systems or related field • Audit experience in public accounting or internal audit environment • Certification – CPA, CIA, CISA • Excellent skills in • Verbal and written communication • Business process evaluation • Analytical • Risk assessment • Computer including data analysis INSURANCE: • Industry experience – five years • Bachelors degree HARVARD UNIVERSITY Risk Management & Audit Services Questions?