Confidentiality Statements

Document Sample
Confidentiality Statements Powered By Docstoc
					                       RISKS                                          CONTROL 1
Embezzlement of funds from donors                     Segregation of duties over receipts

Incorrect classification of donations (restricted vs.
unrest)                                               Policy spelling out difference

Noncompliance with donors' terms or intent            Account manager has access to donors' intent

Inability to generate new donations                   Fund raising campaign

Failure to acknowledge donors                         Formal process in receipting process

Misuse of funds                                       Review or approval process

Erosion of principal                                  Separate account for income and principal

Fraud                                                 Background checks

Poor long-term investment performance                 Committee to review investment activity

Mismanagement of funds                                Background checks

Raiding the principal                                 Budgeting

Lack of coordination of fund raising activities and
goals                                                 Central point of contact

Failure to appropriately publicize gifts and donor
relationships                                         Hiring qualified people

Inability to gain access to top mgmt .of potential
donors                                                Fundraising Plan

Inability to move quickly during market changes       Hiring qualified fund managers

Theft of funds                                        Background checks

Failure to meet reporting requirements                Have deadlines / timelines

Lack of faculty & staff involvement in fundraising

Restrictions that make the donation unusable          Have standard language not being restrictive

Controversial investments                             investment policy

Failure to deposit, enter, document, or record gifts
accurately & timely                                  reconciliation process
Misuse of credit card info                           use verisign

                                                     Properly designed file system and data
Lack of ability to retrieve gift documentation       management system

                                                     policy that spells out gifts that have to be
Unauthorized acceptance of gift                      approved

Gift information not reconciled to General Ledger
timely                                            have deadlines / timelines

Failure to provide a gift agreement or tax receipt
to the donor in a timely manner                      Formal receipting process

Lack of security of gifts and gift data              Limit who knows combo to safe

Failure to collect on a valid pledge                 aging report

Provide inaccurate information and/or advice         job training / manual

Failure to provide quality service to donors,
campus units, etc                                    customer service training

Failure to leverage corporate matching gifts         publicize which corps participate in matching

Failure to be responsive to prospects and donors Development Officers maintain call sheets

Untrained staff                                      job training

Unprofessional presentation and practices

Mismanagement of a gift or donor relationship
(too often, wrong amount, ineffective campus
visits, etc)

Failure to maintain and retrieve accurate of donor
data - addresses, etc.                             have centralized database

Failure to clearly communicate with all involved
constituents concerning special events               Communication plan

Event does not meet participants' expectations       Survey participants satisfaction with event

Failure to have contingencies for unplanned
circumstances                                        having a business continuity plan

Inability to execute contingency plans               Test contingency plans

Medical emergencies

Equipment &/or facility malfunction
Inadequate event resources

Lack of appropriate safety & security measures

Risk of alienating a segment of constituents
                 CONTROL 2                                  CONTROL 3
Reconciliation process                     Review of reconciliations

Review of classification determination

Review or approval of expenditures

Have log of donations received to ensure

Reconciliation process                     Segregation of duties

Review or approval process                 Reconciliation process

Contract with qualified fund managers

Review or approval process                 Reconciliation process

Reporting to donors yearly                 Comparison of principal year-to-year

Strategic plan                             develop roadmap of goals

Training                                   Donor acknowledgement policy


Trained staff                              Sufficient staff to carry out duties

Review or approval process                 Reconciliation process

Maintain a calendar with reminders

Prior approval for all restricted gifts

investment committee

segregation of duties                      Gift receipting policy and procedures
background checks                                  restricted access to info

don't give donor credit until documents received

documented policies and procedures for gifts

have review process of reconciliation

Have log of donations received to ensure

Limit access to electronic data with passwords

follow up procedures                               review process of pledges

hiring qualified personnel

                                                   Development Officers have compensation based
have roadmap of goals and objectives               on dollars raised

annual communications to donor verifying

Complaint or feedback log

Test business continuity plan
               CONTROL 4                  CONTROL 5

Segregation of duties

Segregation of duties      Job Training

Segregation of duties
                     RISKS                                            CONTROL 1
Board meeting logistics drain resources

Board interference in operating issues               board orientation session

                                                     define the process by which these members are
Poor selection of affiliated organization board      selected, including desired affiliations/attributes of
members                                              such board members

Board member does not support institution            peer pressure of other board members

No risk management processes                         educate administration and the board on benefits

Assurance is not provided for areas of high risk     bring to management's or board's attention

Individual's private information is not adequately   Documented and publicized procedures to ensure
safeguarded to protect it from misuse                privacy

                                                     sign-off sheets on contracts or other documents
Legal and contractual issues are not reviewed        requiring legal review--processing will not
appropriately                                        continue without required sign-offs

Organizational goals and objectives are not
developed, communicated, and monitored for
achievement                                          publish strategic plan on website

                                                     Structure for communication between upper level
Information is not communicated effectively          administrative officials, such as weekly executive
throughout the organization                          staff meetings

Institutional policies and procedures are not
current and/or easily assessable and understood
by faculty and staff                                 update policies periodically

                                                     require positive annual disclosures from each
Unaware of institutional conflict of interests       board member

Misaligned or outdated strategic directives
(mission & goals)                                    update regularly

Miss a major fraud                                   increase campus awareness

Substandard, disinterested, incompetent or
absent board
                                                  close monitoring of financial situation and
                                                  required approval/update to the board before
Inability to meet financial obligations (bonds)   issuing additional debt

Lack of appropriate director's insurance          periodic review of all insurance coverages

No mission statement or direction                 develop mission statement

Substandard legal assistance

No code of conduct or ethics                      develop and implement a code of conduct

No management policy or accountability

                                                  require positive annual disclosures from each
Board member conflict of interest                 board member
                CONTROL 2                                             CONTROL 3

make board aware of other institutions' difficulties
in this area

list in annual audit plan as an 'uncovered risk'

Testing of IT and manual systems to ensure

develop a strategic planning council, including
various constituent groups, to shepherd the

use of announcement pages or intranet to publish designation of officer responsible for
information                                      communication throughout entity

                                                       Focus sessions, forums, other avenues to explain
publish policies on website                            new or changed policies

                                                       Establish an active anti-fraud or ERM process for
have a fraud hotline                                   the institution
                     RISKS                                          CONTROL 1
Improper planning results in engagement not
addressing risks/concerns                         perform risk assessment

Poor communication with client during the         build on-going communication steps into audit
engagement                                        process

Missed something during the audit that should
have been found                                   multi level review process

Inadequate or insufficient fieldwork              hire qualified staff

Inadequate review of working papers               hire qualified staff

Not following up on tips                          allow time on annual plan for hotline tips

Recommendations not useful or feasible            include mgmt in formulating recommendations

Reports have incorrect conclusions                multi-level review process

Poor time management                              having / enforcing hours budgets

Reports are not issued timely                     setting realistic deadlines

Inefficient resource allocation

Invalid information from client                   Validate info

Lack of client cooperation                        educate client on purpose of office / audit

Lengthy reports that management will not read     provide summaries to upper mgmt

Poor coordination or communication between
team members                                      periodic status meetings to discuss

Reports have typo/grammatical errors              multi level review process

Unnecessary fieldwork performed                   proper supervision

Lack of staff understanding of audit objectives   communication prior to getting started

                                                  Determine audience for report prior to beginning
Reports addressed to inappropriate parties        fieldwork

Give conflicting advice                           team communication

Give advice without proper knowledge              hiring qualified staff
                                                      offer periodic newsletter or tips to campus
Not invited to be provide info or advice              community

Planned audit activities are delayed                  build in hours for special projects

Not able to fulfill client expectations               have entrance conference

                                                      maintain positive relationships with management--
Used as scapegoat                                     to build trust without jeopardizing independence

Mismanage client relations                            hire qualified staff

Unable to respond to request due to lack of
resources                                             communicate resource needs

Quantity or quality of Continuing Professional
Education inadequate                                  track CPE

Not addressing all skill weaknesses                   have CPE plan in place

                                                      have staff present info in staff meeting so all
Not using what we learn                               benefit from CPE

Quantity or quality of teambuilding inadequate        get team input

Failure to provide state-of-the-art audit tools and
resources                                             perform thorough research of audit tools

Mistakes in hiring process                            Background check

Poor communication among staff                        periodic update / staff meetings

Poor customer service                                 proper training of staff

Failure to follow appropriate policies and
procedures                                            proper training of staff

Poor staff management techniques                      training
                    CONTROL 2                                      CONTROL 3
involve mgmt                                     allow time for new risks

proper training                                  Supervisory review

adequate supervision

train                                            multi level review process


Training of staff

staff having knowledge of hours budgets          hire qualified staff

incentive for meeting deadlines                  Continuous communication with client during audit

have multiple sources to verify info

Involve client in audit planning

require management responses before finalizing
audit reports                                    Uses graphics and pictures where appropriate

Risk-based audit program

Involve audit team members in planning

                                                 Require supervisory approval before providing
diversify expertise across staff                 advice
develop marketing program for department--
brochures, posters, etc.

Involve client in audit planning

work in teams                                Train

perform risk assessment

have CPE plan in place                       Fund CPE to encourage performance

Effective performance evaluation system

Train in teambuilding

request additional resources if necessary

Involve staff in process                     Personality test

hiring qualified / proper staff

get feedback / evaluations
               CONTROL 4                          CONTROL 5

proper supervision

Review of working paper during fieldwork

Determine audience for the report and what they
need and want
                       RISKS                                           CONTROL 1
Inadequate communication networks

                                                     assign responsible party to monitor each contract
Breach of contract                                   for performance by both parties


Poor customer service                                provide customer service training

Inadequate funding

Missing or inaccurate data/info

Non-compliance with laws, rules, and regulations training

Fraud                                                hotline

Conflict of interest                                 annual disclosures

Lack of appropriate and current documented
policies and procedures                              assign one responsible party for soliciting updates

                                                     defined process for responding to complaints with
Failure to follow up on employee complaints          more than one party involved

Failure to establish and maintain a safe work
environment                                          periodic inspections

Improper release of personal info                    periodic testing of IT and manual systems

Failure to manage risks                              Documented risk management process

                                                     inform board or upper administration of inability to
Insufficient resources dedicated to Internal Audit   cover all critical risks

Failure to protect intellectual property

Inexperienced or uninformed legal counsel

Not filling key positions with competent individuals
and in timely manner                                 national search

Financial over-commitment

Lack of continuity on governing board                staggered term expirations

                                                     link to performance measures that require specific
Strategies too idealistic                            measurable milestones
Excessive spending on campaigns (capital,
alumni, etc)                                      budget review process

Failure to communicate strategic plan to proper
audience                                          publish strategic plan on intranet or website

                                                  Establish resource allocation process with defined
Favoritism in allocation of resources             criteria

Strategies based on incomplete or inaccurate      appoint strategic planning council with
knowledge                                         representation from multiple constituents

Strategic decisions not aligned with mission or
goals                                             have performance measures tied to strategic plan

Poor contacts and relationships with major
funding sources                                   conduct forums with funding sources

Inactive or non-existent strategic plan           have periodic update of strategic plan

Declining revenue stream

Overspending budget                               periodic review of budget

Lack of timely or accurate budget reports         have deadlines and periodic review of budget

Untimely budget revisions                         have deadlines

Inaccurate projection of revenues and/or
expenses                                          budget review process

                                                  allocation of funds based on strategic plan and
Lack of equitable system for allocating funds     goals and objectives

Management override                               Log of all management overrides

Failure to monitor budget on a timely basis       have deadlines

Inability to make budget decisions based on a
cost/benefit analysis

Lack of understanding of budgeting tools and
techniques                                        training and education for campus community

Incorrect budget system input

Critical information not communicated timely to
working units
Failure to maintain a viable campus master plan

                                                      allocation of funds based on strategic plan and
Resource allocations do not match priorities          goals and objectives

Failure to direct/allocate resources to areas of      make this a focus point of upper administration
excellence                                            and/or the board

Institutional leaders take illegal or unethical
actions                                               administrators trained on 'tone at the top'

Budget and staffing based on bad projections of       Approved assumptions and sources for making
enrollment                                            projections

Poor communication of policy and program
changes                                               Web-based policy and procedures

Failure to define and follow roles and
responsibilities                                      Organization chart

Lack of authority to meet responsibilities assigned

Lack of communication and coordination among
administrators                                        weekly meetings
                   CONTROL 2                                 CONTROL 3

Review and monitoring of compliance

ethics training program


Maintain web-based policies and procedures

post safety laws                             Training

documented policies and procedures on

                                             Properly defined and followed job descriptions
have selection committee                     and qualifications

Develop with broad representation
Establish capital campaign spending budget

Validate significant info

Validate decisions with representatives of

Establish a communication plan with funding

                                                 Conduct input forums to address strategic plan
have performance measures tied to strategic plan updates

                                                    Documentation and approval of assumptions and
justification of large fluctuations from yr to yr   sources used in budget projections

analysis of budget requests                         Defined criteria for the allocation of funds

Analysis of use of management override by
process, manager

Require reports of monitoring activities
Defined criteria for allocating funds

                                                Sanctions for violations of legal and ethical
ethics training and/or certifications           standards

E-mail notification of changes                  Forums and training for significant changes

Clearly defined duties, responsibilities, and

              CONTROL 4                     CONTROL 5

Background checks on credentials and work
history as well as criminal
                      RISKS                                         CONTROL 1
Improper handling of personnel information
(confidentiality)                                   signing confidentiality statements

Benefits are too costly to institution              budget planning

Inaccurate information (leave & vacation
balances, eligibility, service dates)               verify accuracy of info with employees

Benefits are not competitive

Benefits do not meet employee needs                 have cafeteria plan

Inability to attract qualified service providers

Violation of federal & state laws                   central point of contact

Inadequate funding of pension plans                 review by actuary

Unqualified counselors (EAP service)                require appropriate certifications and/or degrees

Failure to have an HR strategic plan

Failure to keep up with the changing ext.

Inappropriate resources allocation                  align budget with strategic plan

Insufficient HR resources

Failure to align HR with institutional philosophy   admin communicate philosophy to HR

Failure to manage and secure data (confident.,
access)                                             lock doors

Failure to identify & manage HR business risks

Improper assignment of HR responsibilities
(centralized v. decentralized)

No business continuity plan

Failure to make required reports timely and
accurately                                          have deadlines / timelines

Lack of documented Policies &Procedures             Documented policies and procedures

Pay scale is not competitive                        market research
Improper or inconsistent classification of
employees                                            periodic review of classification system

Not hiring a diverse workforce                       interview all qualified applicants

Hire the wrong or unqualified person                 have minimum qualifications

Inability to attract qualified candidates            benchmarking compensation packages

                                                     monitoring by independent party that they are
Not performing background or reference checks        done

Poor job descriptions                                have employees involved in updating periodically

Unfair hiring practices                              training

Failure to document hiring process                   required standard forms on all new hires

Fraud or misrepresentation on application            call references

Cumbersome hiring process

Failure to fill open positions timely                job descriptions up to date

Ineffective advertising of positions

                                                     have dept that's responsible for handling
Failure to resolve complaints in a timely manner     complaints

Fraud                                                hotline

Inability to provide cross-training

Inaccurate &/or untimely data capture & reporting

Lack of an employee training plan including

Lack of strategic staffing plan and staffing needs
have not been identified

Compensation system is not based on "sound
practices" and is not uniformly applied

Employee grievance procedures are not clear,
documented, and communicated to all employees periodic review of procedures
Performance appraisal process is not                HR review of employee evaluations completed to
documented &/or ineffective                         evaluations due.

No whistleblower policy                             develop a policy

                                                effective performance evaluation process tied to
Failure to keep and reward productive employees merit pay increases

                                                    communication to learn and try to address
Disgruntled employees                               problems

Increased cost due to training & recruitment

Management not aware of potential problem
areas &/or people                                   implement hotline

Keeping non-performing employees                    document non-performance

Failure to complete and document the separation
process                                         have policy

Failure to document separation                      have policy

Failure to obtain valuable employee satisfaction
info @ exit                                         have formal exit process

Failure to provide appeals process

Failure to provide final compensation @

Unfair or unlawful termination                      document reasons for termination

Failure to communicate separation to required
internal and external units

Lack of budget for training                         mgmt philosophy / training culture at the institution

Lack of documentation or tracking of employee
training taken

Training not provided in appropriate or critical
areas                                               mgmt philosophy / training culture at the institution

Failure to provide employees time from job for
training                                            mgmt philosophy / training culture at the institution

Lack of adequate training facilities &/or equipment mgmt philosophy / training culture at the institution
Training is poor quality or outdated   mgmt philosophy / training culture at the institution

Unequal access to training             mgmt philosophy / training culture at the institution

                                       All newly hired employees provided with ethics
Conflict of interest                   rules.

                                       All newly hired employees are provided with a
                                       copy of the EEO/AA policy and attend the
Discrimination                         required training at New Employee Orientation.

                                       All new employees receive a copy of Discipline
                                       and Dismissal policy during New Employee
Wrongful termination                   Orientation

                                       HR reviews any disciplinary action for non-
                                       probationary classified employee demotions,
Discrimination in employment           suspensions without pay, or dismissals

                                       All newly hired individuals shall have a Form I-9
Employment of aliens                   completed within the first 3 days of employment

                                       Distribution of sexual harassment policy to all
                                       newly hired employees at New Employee
Sexual harassment                      Orientation
                  CONTROL 2                  CONTROL 3
proper training

have a helpline               inform employees of laws

external audit

lock computer when away       limit access

Tickler file

minimal qualifications established

national search

Screening committee

provide justification of choice                     use search committees

verify education

allow positions to be filled before person leaves   efficient hiring process

log and track complaints to resolution

Awareness training on policy
HR periodic, random audit of individual employee
performance evaluations to assure proper completion   HR prior notification to supervisors that initial or
of process.                                           annual performance evaluations will be due.

publicize whistleblower policy

standard forms

standard forms
Ethics training including conflict of interest during HR validation of signatures on training attendance
new employee orientation.                             sheets and identification of missing employees

HR or EEO Office prepares and distributes a         All job descriptions are reviewed to assure that all
statement to employees that states the non-         requirements are bona fide occupational
discrimination policy on an annual basis            qualifications.

                                                    All disciplinary actions that could result in
                                                    demotion, suspension without pay, or termination
                                                    are authorized in advance by HR by departments
Supervisor training in proper investigation,        after a review of documentation and
disciplinary, and termination procedures            appropriateness of proposed action

HR and/or EEO Office involvement in employee
complaints and grievances that allege
discrimination and written requests for             HR conducts position audits to assure that nay
accommodation from applicants and employees         requested reclassification is job related

The individual accepting the Form I-9 shall
examine original documents that prove identity
and authorization to work in the United States

                                                    Periodic distribution of written sexual harassment
Mandatory equal employment opportunity and          policy with compliant procedures for sexual
sexual harassment training at New Employee          harassment and sexual misconduct to all
Orientation                                         employees
HR prior approval of all personnel requisitions and
personnel actions are in conformance with job       Supervisors and others responsible for hiring and
description requirements and the absence of         management of employees attend EEO training
discriminatory bias.                                on a periodic basis

HR approves candidate selection form prior to the
extension of an offer of employment

Intake, assessment, and investigation of all
employee complaints that might be deemed to be
sexual harassment
                       RISKS                                         CONTROL 1
Disenfranchised alumni                               conduct forums with alumni

Hostile community groups                             Be visible

Negative economic status for the state/nation

                                                     Define communication plan with legislature and
Hostile legislature                                  staff responsible

                                                     Define communication plan with city council and
Hostile city council                                 responsible staff

Negative impact on surrounding community             Be visible

Unfavorable relations with specific industries       Be visible

Community and alumni relationships do not
maximize parent, community, business, alumni,
and foundation involvement

Negative incident or relationship with major         conduct forums with alumni and other funding
funding source                                       sources

Lack of effective marketing                          survey of target audience

Poor alumni relations                                hire alumnus

Ill conceived partnerships                           legal/financial review of all such agreements

Liability incurred by entertainment (parties, etc)   insurance

Continued decrease in government funding of
higher education

Loss of special item (state) or earmarked (federal)
funding                                             spend current funding appropriately

Unanticipated regulatory impacts

Ineffective request or proposal for government

Changes in US Dept of Education accreditation
Unethical behavior                                    have an ethics course

Failure to effectively communicate issues to
external community                                    central point of communication

Loss of relationships with state and federal
government leadership                                 Defined point of contact and communication plan

Misinterpretation and/or application of legislation   have legal counsel involved

Untimely and/or inappropriate handling of
contacts with the legislature or other government
bodies                                                Defined point of contact and communication plan

Opportunities for continuing education and public
access are not adequate

Policies and procedures regarding employee
contact with the media are inadequate or not
properly communicated to all employees                central point of communication
                CONTROL 2                          CONTROL 3
keep alums informed of significant institutional

Involve community where appropriate

Involve community where appropriate

Identify needed partners and prepare a
communication plan
Ethics policy and documented knowledge of
policy content
                     RISKS                                          CONTROL 1
Misuse of "sole source" and "professional
services" classifications                          require justification for both classifications

Misuse or abuse of standing (blank) purchase
orders                                             require invoices for individual purchases

Lack of segregation of ordering, receiving, and
approving for payment                              segregate duties

Management override                                Log of all management overrides

                                                   assign responsible person to monitor
Non-compliance with vendor contracts               performance

Ghost Vendors                                      periodic verification of master vendor list

Ineffective year-end cut-off                       review following months transactions

Kickbacks                                          require bids

Non-compliance with applicable laws, regs,
policies & procedures                              education and training

Related party transactions                         annual disclosures by purchasers

Failure to establish an effective centralized
purchasing function

                                                   review of reconciliations by someone other than
P-CARD (pro-card) misuse                           the cardholder

Physical safeguarding of stock and storerooms is
inadequate                                       lock doors

Perpetual inventories are not taken

Purchasing technology is not adequate to support
institution goals and future growth

No evaluation of outsourcing options has been

Purchases are not competitively bid                require bids

HUB vendors are not solicited,                     master list of HUB vendors
Most qualified vendor is not selected/best value
not obtained                                       perform background / reference check

Contract terms are inadequate or unenforceable     have legal counsel review

Conflict of interest                               annual disclosures
                 CONTROL 2                                           CONTROL 3
Review of significant usage and over-usage

                                                  Established policy on what items are appropriate
require reasonable estimate for PO                for blank PO

Analysis of management override activity

                                                  Segregation of duties relating to establishment of
Purchasing restricted to vendors on master list   vendor and selection of vendor for a purchase

Documented and communicated procedures for

have independent party involved in bidding
process                                           policy stating rules

central office that's familiar with laws          Supervisory review

Analysis of purchaser activity

require that receipts are maintained              restrict vendors

fire suppression system                           Limited access

have independent party involved in bidding
process                                           set thresholds for approvals of bids

have HUB office
Supervisory review

ethics training
                CONTROL 4                CONTROL 5

Review of awards by legal and/or award
committee before issuance

restrict items that can be purchased

Approved withdrawal requests
                      RISKS                                         CONTROL 1
Failure to comply w/the Patriot Act                training on Patriot Act

Confusing international laws                       have campus expert on international laws

Fed. Regs that restrict abroad programs            have campus expert on international laws

Fluctuating Monetary exchange rates                require documentation of exchange rates

Political instability in areas of study abroad     have campus expert on international laws

Regressive application of INS policies             have campus expert on international laws

Lack of documented policies and procedures         Documented policies and procedures

                                                   pre-approval / notification of import / export
Impact of import/ Export controls                  activities

Failure to maintain security of students and faculty reevaluate program so students aren't sent to
abroad                                               instable country
               CONTROL 2                                       CONTROL 3

Documented policies and procedures on
programs abroad

monitor exchange rates

reevaluate program so students aren't sent to
instable country                                monitor state department alerts

require proper documentation of status

                                                Develop emergency plan for evacuation from
monitor state department alerts                 foreign study sites
                      RISKS                                            CONTROL 1
Failure to understand who the client is

Failure to effectively handle client expectations

Failure to communicate effectively with clients

Failure to meet deadlines

Failure to provide services in a timely manner        have deadlines

Failure to fully understand & ID the issues

Failure to work effectively with external entities,
(outside counsel)

Failure to differentiate bet. Legal & business        have standing committees of business leaders
decisions                                             and general counsel to discuss issues

Failure to stay current in your expertise             continuing education program

Failure to exercise good judgment

Failure to protect client confidentiality             lock files

Failure to be aware of attorney/client privilege

Failure to meet ethical obligations (conflict of
interest)                                             disclose potential conflicts of interest

                                                      have standing committees of business leaders
Failure to be creative in arriving at solutions       and general counsel to discuss issues

Failure to be proactive in notification of right      have standing committees of business leaders
parties                                               and general counsel to discuss issues

Failure to use commonly understandable

Lack of intra-office communication                    periodic standing office meetings

                                                      have standing committees of business leaders
Failure to know when to refer to others               and general counsel to discuss issues
               CONTROL 2                                   CONTROL 3

tickler file

document retention / shredding policy        training and awareness program

Established and communicated ethics policy
                     RISKS                                          CONTROL 1
Natural disasters                                   have a disaster recovery plan

Ineffective personnel mgmt.

Failure to protect cash assets                      implement cash controls

Failure to maintain a safe & clean physical plant   training

Failure to attract revenue producing events         benchmarking with competitive facilities

Failure to maintain a positive financial position   develop a clear business plan / budget

Failure to coordinate/w ext. gov't. entities        preparation meetings

                                                    annual / quarterly testing of systems by external
Failure to maintain emergency systems               parties

Failure to effectively communicate with potential
users                                               public information announcements

Failure to maintain relationships with sub-
contractors & vendors                               periodic preparation meetings

Untrained employees                                 training

Failure to network/w other event facilities         professional meetings

Lack of crowd mgmt. Process                         have sufficient law enforcement on duty

Unattractive events & amenities                     survey constituents

Failure to comply/w statutory & rule requirements educate employees on rule requirements

Failure to communicate & advertise adequately
                  CONTROL 2                        CONTROL 3
test the plan on a regular basis

reconciliations                     physical safeguards (lockbox)

posted safety laws                  periodic safety reviews or walkthroughs

Feedback from booked events         Monitoring of community interest and needs

perform cost / benefit analysis

In-house testing on current basis

central office of communication

annual review of contracts

preparation meetings


monitor compliance
                  CONTROL 4                   CONTROL 5

clean out till periodically   segregation of duties

Department liaisons
                      RISKS                                     CONTROL 1
Failure to protect & maintain brand integrity   central dept that authorizes use of brand

Lack of knowledge about issues                  hold information meetings

Failure to exercise good judgment               central dept that authorizes use of brand

Poor communications                             hold information meetings

Create legal issues

Failure to manage external contractual
relationships                                   annual review of contractual agreements

Failure to maximize revenue w/o compromising
brand                                           annual review of contractual agreements

Failure to monitor & enforce trademarks         central dept that authorizes use of brand

Failure to keep current in the industry

Failure to allocate revenue appropriately       reconcile revenue accounts
                CONTROL 2                   CONTROL 3

training                    publish guidelines

publish guidelines