Risk & Controls Toolkit

7/23/2019 Risk & Controls Toolkit

1/15

RISK AND CONTROLS ASSESSMENT TOOLKITRisk Services

fce o Ethics, Risk, and Compliance Services

DASHBOARD: RISK & CONTROLS ASSESSMENT TOOLK

PHASE I: RISK ASSESSMENT PHASE II: CONTROLS GAP ANALYSIS

WORK STEP: 1. Ie!"i#$ "%e i! ). D'c*+e!" e,c -. Ie!"i#$ '/ec" . Ie!"i#$ "%e c' 4. De"er+i!e 5%i 8. Deve2'

O9TP9T DELI;ERABLE


2/15


T''2ki" Overvie5:

T''2ki" @*!c"i'!,2i"$:

N,vi3,"i'! Ti(s:

Ofce o Ethics, Risk, and Compliance Services

'().*+.-(

/r. (.(.(

Re"*r! "' D,s%',r

RISK & CONTROLS ASSESSMENT TOOLKIT

9si!3 "%e T''2ki"

$his toolkit provides the overall process, 0ork steps, 0ork templates, and e1amplto help yo" %a& identiy the risks inherent in a process or pro2ect, %3& assess those

risks and rank them 3y severity, %c& identiy the controls that miti!ate the risks, a%d& determine i the controls are ade4"ately miti!atin! the risks.

Dependin! on yo"r pro2ect and 0here yo" are 0ith it, this tool can help yo" to caro"t all or 2"st some o these activities.

$he main pa!e or the toolkit is the ,s%',r0 0hich provides an overvie0 o thprocess, and contains hyperlinks to 0orksheets or each o the seve! 5'rk s"e(that make "p the process.

By clickin! on a dash3oard 0ork step, the "ser is taken to a 0orksheet or thatstep. 5ll the 0orksheets are or!ani6ed in the same 0ay, containin! the samereso"rces or carryin! o"t that step.

$he reso"rces or each 0ork step incl"de statements descri3in! the p"rpose o th0ork step and its o"tcomes, a listin! o the specic tasks that m"st 3e carried o"tto complete the 0ork step, tips, templates that can 3e do0nloaded and lled o"t,and e1amples o completed templates.

8o" may need to 6oom in or o"t in yo"r version o E1cel to optimi6e the vie0 oeach 0orksheet.

8o" may need to scroll p or do0n to see all the content availa3le or that pa!e.

5dvanced E1cel "sers9 5ltho"!h the orm"la 3ar, headin!s, and !ridlines are notsho0n, and each sheet is :locked,: there is no pass0ord to "nlock each sheet so

yo" eel yo" need to ad2"st a settin! to improve yo"r interaction 0ith the toolkit,yo" are a3le to do so.

$o report any "nctionality iss"es 0ith the toolkit, please contact9

H,!s G*eDirector, Enterprise Risk Services

h!"de;3erkeley.ed"

Re"*r! "' D,s%',r
mailto:[email protected]:[email protected]


3/15


Ofce o Ethics, Risk, and Compliance ServicesUC Berkeley

W'rk S"e(:

P*r('se:

O*"(*" De2iver,2e


4/15



UC Berkeley

SAMPLE PROCESS CATEGORIES AND S9BCATEGORIES

@i!,!ci,2 Re('r"i!3

B"y to ay

Financial Close

ayroll rocessin!

H*+,! Res'*rces

Gire to Retire

Re0ards and Reco!nition

Employee Development

I!#'r+,"i'! Tec%!'2'3$

End


5/15



W'rk S"e(:

P*r('se:

O*"(*" De2iver,2e


6/15



W'rk S"e(:

P*r('se:

O*"(*" De2iver,2e


7/15



Te+(2,"e


8/15



UC Berkeley

SAMPLE OBECTI;ES

5ll cate!ories o compensation that sho"ld 3e reported are reported

5ll compensation reported is acc"rate

5ll e1penses char!ed to the UCB !host card are valid and a"thori6ed

5ll travel vo"chers are inp"t and processed acc"rately and timely

Camp"s sec"rity and privacy re4"irements are met

Employee compensation and 3enets are acc"rate

=normation in the S=S is "p to date

=normation s"3mitted to UCO is properly a"thori6ed

=$ investments are ali!ned 0ith the camp"sLs =$ standards

ersonnel records are acc"rate and complete

Si!nicant nancial savin!s or the camp"s m"st res"lt

StaI are hired possessin! the skills appropriate to the position

$echnolo!y s"pport services are delivered timely and eIectively

$ravel vo"chers are properly approved

Re"*r! "' W'rk S"e( -

5ll employees 0ho sho"ld 3e incl"ded in the 5REC report are

incl"ded, and only those 0ho sho"ld 3e incl"ded are incl"ded

Centers m"st meet the operational needs o "sers and 3eacco"nta3le to "sers

Conorm 0ith the allo0a3ility o costs provisions o 5


9/15


SAMPLE RISK AND CONSEF9ENCES STATEMENTS

S,+(2e O/ec"ive S,+(2e Risk S","e+e!"s S

Preve!" #'''r!e i22!ess.

Preve!" 2,'r,"'r$ i!/*ries.

Re"*r! "' W'rk S"e( -

Preve!" e!vir'!+e!",2

c'!",+i!,"i'!.

oll"tants %chemical, radiolo!ical, 3iolo!ical& co"ld 3e

released to the atmosphere.

"3lic heal 5!ency ne Bad p"3lic

One or more persons co"ld 3ecome ill thro"!hcons"mption o contaminated ood.

=n2"ryHdeat Bad p"3lic Dama!e to a0s"its. oss o rev

5ll or part o the 3ody co"ld 3e e1posed tochemical%s&.

StaI, ac"l oss o res State nes Bad p"3lic Dama!e to $emporary

M,i!",i! i!*s"r$ 9CB s",!,rs#'r s$s"e+ ,! !e"5'rk sec*ri"$.

rotected inormation may 3e inappropriatelyaccessed and released.

Chan!e in S"32ect to rd party a State and

E!s*re "%," 3i#"s ,re (r'cesse,cc*r,"e2$ ,! "i+e2$ ,! c'!7r+"%," #*! "er+s %,ve ee!,cc*r,"e2$ rec're i! "%e Berke2e$@i!,!ci,2 S$s"e+.

F"nds may 3e improperly "sed d"e to "nd terms3ein! inacc"rate or incomplete.

?eed to re oss o tr"s oss o "t"

Aress is,i2i"$ !ees '# s",5%' re*es" ,cc'++',"i'!s.

Re4"ested accommodation may 3e inappropriatelyaddressed.

iti!ation Complaints ossi3le co

E!s*re (r'3r,+ services0 ,",c,("*re ,c"ivi"ies ,! re('r"i!3,c"ivi"ies c'+(2$ 5i"% 9C ('2ic$ ,!#eer,2 s","e is,i2i"$ 2,5s.

#edical treatment and 3enets may not 3eappropriately provided to employees.

Recovery oreinstatemen oss o sel Fines %spec rd party a

Pr'vie e!"er",i!+e!" e>(e!serei+*rse+e!" ('2ic$ 3*i,!ce ,!i!"er(re","i'!.

Employees co"ld s"3mit e1pense reim3"rsementre4"ests or "nallo0a3le e1penses.

C"stomers cpayment to t


10/15



A((r',c% S*++,r$ H'5 D'!e

RiskOrie!"e A((r',c%

Me"ricOrie!"e A((r',c%

Re"*r! "' W'rk S"e( -

TECHNIF9ES @OR IDENTI@YING RISKSSo"rce9 ERM or Dummies, /ance and #akomaski, iley "3lishin!, ))7

O/ec"ivesOrie!"eA((r',c%RECOMMENDED

Starts rom the perspective o theor!ani6ationLs o32ectives.

Phat risks or events co"ld ca"sethe or!ani6ation to not meet its !oalsand o32ectivesKQ

@Cthrevtie@G@G

Foc"s on the risks themselves. 8o"0ant people to spec"late a3o"t 0hatevents or "ncertainties mi!ht ca"sethe or!ani6ation "naccepta3le levelso disr"ption.

Phat are the most important risksyo" 3elieve yo"r or!ani6ation acesKQ

hpepe

Foc"s on risks that have a 3earin! on

or!ani6ationLs key metrics %=s HS5s&

?"m3ers driven. 5ppropriate or

or!ani6ations oc"sed on nancialperormance metrics.

Co

ris

O(('r"*!i"$Orie!"eA((r',c%

Departs rom the Pne!ativesQapproach to risk identication. Startthinkin! a3o"t 0hat lie like in a risk

Risk & Controls Toolkit

Documents

Transcript of Risk & Controls Toolkit