Risk Assessment Management on an Organizational Level
Trine Tengbom / Nils Petter Hauge, Internal Audit department
International Workshop on Accountability in Science Funding, May 31, 2006
What to talk about
1. RCN – Organisation
2. RCN – Key figures
3. Models: Risk Assessment Management
4. RCN – Implementing risk assessment management
• Step 1 – 8 including role of internal audit
The Research Council of Norway - Organisation (1)
Division for Administrative Affairs
Division for Science
Division for Innovation
Division for Strategic Priorities
Director General
Staff
International unit
Division for Administrative Affairs
Division for Science
Division for Innovation
Division for Strategic Priorities
Director General
Staff
International and EU
Media and Public Relations
The Research Council of Norway - Organisation (2)
Research Board
Research Board
Research Board
Executive Board
Internal auditing
Key figures (1)
[Figure: chart in mill. NOK. Labels: Programmes, Independent projects, Infrastructure, Misc., Network, Division for Innovation, Division for Science, Division for Strategic Priorities.]
Total NOK 5237 mill., administration incl.
Key figures (2)
Budget development (1993-2006)
[Figure: budget development chart. Horizontal axis: years 1993 to 2005. Vertical axis: 0 to 5000 mill. NOK. Series labels: 1993-NOK, Mill. NOK.]
1. The Enterprise Risk Management framework has eight interrelated components
2. Entity objectives can be viewed in the context of four categories
Strategic, Operations, Reporting, Compliance
3. ERM considers activities at all levels of the organization
The Enterprise Risk Management Framework (the COSO ERM framework)
CONTROL ENVIRONMENT
IMPLEMENTING RISK ASSESSMENT
OBJECTIVES, RISKS, CONTROL ACTIVITIES, MONITORING
INFORMATION AND COMMUNICATION
CONTROL ENVIRONMENT
1. STRATEGY
2. PROCESS
3. IDENTIFY OBJECTIVES
4. IDENTIFY CRITICAL SUCCESS FACTORS
5. IDENTIFY RISKS
6. RANK THE RISKS
7. CONTROL ACTIVITIES
8. MONITORING
STEP 3 – 8 ON STRATEGIC LEVEL, DIVISION LEVEL, PROJECT LEVEL, PROCESS LEVEL ETC.
NORWEGIAN GUIDE (GOVERNMENT AND MINISTRIES):
RISK ASSESSMENT MANAGEMENT
Enterprise Risk Management (ERM)
Risk activities
Objectives per year per division
Performance targets
Actions
Objectives
Vision
Strategy for the Research Council of Norway
Control activities
Monitoring
Implementing risk assessment - RCN
Step 1: Identify status
• Internal audit
• Methodology (KPMG)
• Interview management
• Interview internal audit department
Step 2: Implementation plan
• Management
• Internal audit
Step 3: Identify objectives
• Strategy for the Research Council of Norway
• Business objectives
Step 4-8: Some ideas
Step 1 – Status Risk Assessment
[Figure: status chart on a scale from 0 to 4 in steps of 0,5. Labels: Control Environment, Objective Setting, Risk Assessment, Control Activities, Monitoring, Role of Internal Audit.]
STEP 2: IMPLEMENTATION PLAN
Step 3: Strategy for the Research Council of Norway: Research expands frontiers
The Research Council will work to increase the value of society’s investment in research activity
The Research Council has three principal tasks:
1. To serve as an advisory body on research strategy issues
2. To finance research
3. To create meeting places and networking opportunities for relevant players from research, trade and industry and public sector
Step 4 – 8 Models that can be useful
[Figure: Risk map. Consequence axis: Insignificant, Low, Moderate, Serious, Very serious. Probability axis: Very small, Small, Moderate, Large, Very large. Risk levels: Low, Moderate, High, Critical. Three numbered points (1, 2, 3) are marked on the map.]
Step 6: Rank the risks
Preventive
Automatic
Detective
Manual
What kinds of controls do we have?
Step 7: Control activities
Information about RCN and Norway
http://www.forskningsradet.no
http://www.norway.no/Default.asp?