Audit Committee

Document Sample
Audit Committee Powered By Docstoc
					 Risk Management

Report to Audit Committee
   26 September 2006
        Lee Harris
 Assistant Chief Executive
             Risk definition
   A risk is defined in our Risk Strategy to
      ‘the threat that an event or action will
     adversely affect an organisation’s ability
          to achieve its objectives and to
        successfully execute its strategies.
     This includes both external and internal
                   Council’s Role
   Set organisational objectives
   Initial and ongoing risk identification and
   Review of adequacy of controls in place
   Risk prioritisation
   Ongoing review and management of high-level risks
   Determine level of independent assurance required
   Seek regular assurance on operation of the system
 Risk and the Assurance Process
Corporate    Corporate     Key      Assurance   Committee   Risk Action
Objectives     Risks     Controls   Processes    /Cabinet      Plan

   Focused management of corporate risks
   Provides evidence to support Statements of
    Internal Control
   Allows prioritisation of effort and actions
   Allows effective performance management
Ongoing risk cycle

    Risk identification and analysis
    Initial identification and ranking of potential
     risks by Corporate Management Team and
    Identification of existing controls in place to
     mitigate risks
    Re-ranking of residual risks based on the
     likelihood of occurrence and their potential
     corporate impact
    Identification of actions to further minimise the
     impact and likelihood of risk occurring or
     having a significant impact
        Risk control and monitoring

   Risks linked to Council’s Critical Priorities and
    key aims
   Corporate register underpinned by Service Risk
   Quarterly monitoring of Risk Management Action
    Plan – reported to CMT, Audit Committee and
   Emerging risks are identified and prioritised
     Planned improvements to Risk
    Management Framework 2006/07
   Improved risk identification;
       More systematic and structured analysis of risk
       Widen consultation and input
   Tighten management of Action Plans
   Strengthened links between Service and
    Corporate Level Risk Registers
   Ongoing shift to risk prevention rather than risk