Enterprise Risk Management in the Public Sector July 28, 2016 ABOUT - - PowerPoint PPT Presentation
Enterprise Risk Management in the Public Sector July 28, 2016 ABOUT ME Chris Wedor Director of Audit for CDOT Trained as an engineer and became an auditor 14 year career in audit mixed with private and public experience
healthy
$125.70/person $68.94/person
$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$
population
dollars spent/person
vehicle miles traveled
All dollar figures adjusted for inflation
3.3 million 5.4 million
49.3 billion
vehicle miles traveled
27.7 billion
vehicles miles traveled
NV
UT FL SC KY MO MT WY KS AL ND AZ GA SD TN NM WV ME NC OR VT NE MN ID MS NH AK DE VA IL TXCO
IN OK PA OH IA MI WI CT WA LA MD NY AK CA HI NJ MARI
32nd 15th
Denver 34 out
17th
PAVEMENT CONDITION BRIDGE CONDITION SYSTEM RELIABILITY FATALITIES
NV
HI UT TX FL GA MD AL AZ WI KS OR MN KYCO
VA TN AK OH DE MS NM VT ND SC WV ID MT WA IN NE NJ MI NH MO LA IL ME NC AK CA OK IA SD MA NY PA WY CTRI MA
MN CT WA NJ UT RI NH CA MD NY IL VA IN MI OHCO
OR WI VT NV NE GA ID ME IA MO NC AK DE HI FL KS PA WY AL AZ TN NM TX SD OK MS LA KY AR ND MT SCWV
Source: FHWA NBI Data 2014 Source: 2013 FHWA Highway Statistics Source: 2015 TTI Urban Mobility Report
Richmond
Salt Lake Milwaukee Jacksonville … … … Atlanta Indianapolis San Antonio Las Vegas Baltimore Phoenix Dallas MiamiDenver
San Juan P.R. Chicago … … Portland San Jose Seattle SFLA
Large Cities
Fresno
Bakersfield Provo … .. El PasoCO Spgs
Albuquerque ........ New Orleans Stamford CTHonolulu
Medium Cities
Indio, CA
Palmdale Winston-Salem … … … Jackson Stockton … … . Eugene Madison AnckorageBoulder
Small Cities
CO Springs 14
Boulder 22 out
S CALE: BES T to WORS T
Source: 2014 FHWA Highway Statistics
Slide updated June,2015
DEFINITIONS Institute of Internal Auditors
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
A situation involving exposure to danger.
Business Dictionary
A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
Merriam-Webster
The possibility that something bad or unpleasant will happen.
Internal Control-Integrated Framework Enterprise Risk Management – Integrated Framework
These are the high level goals that are aligned with and support the institution’s mission.
Relate to the ongoing management process and daily activities of the
Relates to the protection of the organization’s assets and quality of financial reporting.
Relates to the
to applicable laws and regulations.
The Internal Environment relates to the general culture, values and environment in which an organization or entity operates (e.g. – Tone at the top)
Objective Setting relates to the process management uses to set its strategic goals and objectives. Establishes the
appetite and risk tolerance.
Event Identification is the process by which an organization identifies events that influence strategy and
affect an
to achieve its
Risk Assessment relates to the
impact and likelihood
prioritizing related risks.
Risk Response relates to determining how management will respond to the risks an
Will they avoid the risk, share the risk, or mitigate the risk through updated practices and policies.
Control Activities represent policies and procedures that an institution implements to address the risks the
to accept.
Information and Communication relate to those practices that ensure that the right information is communicated at the right time to the right people.
Monitoring consists of
to ensure controls are functioning as designed, and taking corrective action to enhance control activities if needed.
Each of these components are considered at multiple levels of the organization, rather than within a single function, unit, or department.
Internal Environment Event Identification Risk Response Control Activities Objective Setting
Information & Communication
Risk Assessment Monitoring
Oversight
Tone at the Top
People Systems Technology
Identify Risk Assess & Evaluate Risk Integrate Risks Respond to Risks Design, Implement & Test Controls Monitor, Assure & Escalate
Risk Categories
Grants Customer Service Information Systems Revenue Assets Weather Preparedness Revenue Contracting Process Safety Vendor Reputation Ethics External Stakeholders Environmental Talent Management Maintenance Resource Allocation Fuel Expenditures Transparency Performance Management Fraud Fleet Management Physical Security
Risk Governance Risk Ownership Risk Infrastructure and Management Transportation Commission, Executive Director Executive Management Team Regions 1-5, Headquarters, Divisions
Risk Description
RF1– Government Grants Ability to ensure that grant policies, procedures and applicable laws are properly followed and that grant payments are proper. RF2– Customer S ervice/ Expectations Ability to anticipate and respond to Colorado citizens’ expectations with regard to transportation budget constraints, infrastructure, ongoing construction, road maintenance including snow removal. RF3– Information S ystems Ability to ensure the security, data reliability and integrity of information maintained in network operating systems. RF4– Revenue Ability to ensure that revenue is properly assessed and timely collected. Manage revenue assurance programs and deter the loss of revenue due to fraud or lack of adherence to established processes. RF5– Contracting Process Ability to effectively manage contracts and ensure compliance with applicable policies, laws and regulations. RF6– Road S afety Ability to ensure that roads are safe and in compliance with standards and legal requirements. RF7– Assets Ability to ensure that assets are properly accounted for and safeguarded. RF8– Vendor Ability to ensure that we attract qualified vendors at reasonable rates. RF9– Reputation Ability to ensure that the reputation of CDOT is of the highest level by ensuring revenues and costs are properly managed and internal controls are working effectively to minimize fraud both from vendors and employees.
Risks fact ors not list ed in order of significance
Risk Description
RF10– Weather Preparedness Ability to timely respond to mitigate the impacts of severe weather on the transportation infrastructure. RF11– Talent Management Ability to attract, develop, and retain sufficient number of talented employees with needed skill sets. RF12– Resource Allocation Effective alignment of programs & resources (e.g., capital, operating and strategic initiatives, budget allocations) with strategic plan to achieve CDOT goals and mitigate risk. RF13– Business Continuity Management Ability to recover from a business interruption (natural disasters, terrorism) that could impact customer trust and operations. RF14– Employee Complaints Ability to effectively align, evaluate, and manage employee grievances that could lead to improved employee morale. RF15– Environmental Ability to ensure that negative environmental impacts from construction and road maintenance is minimized. Ensure compliance with applicable laws. RF16– Employee S afety Ability to ensure a safe work environment to minimize work related inj uries and death and to be in compliance with OS HA and other applicable laws. RF17– Maintenance: Equipment, Facilities, Vehicles Ensure maintenance is properly performed on equipment, facilities and vehicles to ensure safety, functionality and availability to accomplish the mission. RF18– Ethics / Integrity Ability to ensure that CDOT has a high level of integrity among its employees and is following policies, procedures and laws including compliance with mandatory training.
Risks fact ors not list ed in order of significance
Risk Description RF19–Stakeholder Relations Ensure good working relationship exists among various external stakeholders including legislators and various vendor/consulting associations. RF20–Project Management Ability to ensure that construction projects are completed within milestone dates to minimize disruptions to the transportation network that could impact users. RF21–Staffing Ability to ensure staff levels are adequate and aligned with workload requirements. RF22–Physical Security Ability to ensure that building and other CDOT structures are properly secured and used by
RF23–Contract Cost Ability to ensure contract cost are reasonable and within budget. RF24–Employee Expenditures Ability to determine if employee expenditures are reasonable and in compliance with policies and procedures. RF25–Fuel Expenditures Ability to determine if fuel expenditures are reasonable and in compliance with polices and procedures. RF26-Performance Management Ability to promote and maintain a healthy work environment free of harassment and
RF27-Transparency Ensure that information regarding how funds are spent are communicated for external stakeholders
Risks fact ors not list ed in order of significance
RF6 Road Safety RF16 Employee Safety RF10 Weather Preparedness RF25 Fuel Expenditures RF18 Ethics RF17 Maintenance RF9 Reputation RF13 Business Continuity RF1 Government Grants RF5 Contracting Process RF2 Customer Service RF4 Revenue RF23 Contract Cost RF27 Transparency
RF3 Information Systems RF21 Staffing RF8 Vendor
RF12 Resource Allocation RF20 Project Mgt. RF26 Performance Mgt.
RF11 Talent Mgt. RF24 Employee Expenditures
RF7 Assets RF14 Employee Complaints RF15 Environmental RF22 Physical Security RF19 Stakeholder Relations
RF6 Road Safety RF16 Employee Safety RF10 Weather Preparedness RF25 Fuel Expenditures RF18 Ethics RF9 Reputation RF13 Business Continuity RF1 Government Grants RF5 Contracting Process RF2 Customer Service RF4 Revenue RF23 Contract Cost RF27 Transparency
RF3 Information Systems RF17 Maintenance RF19 Stakeholder Relations RF21 Staffing RF8 Vendor
RF12 Resource Allocation RF20 Project Mgt. RF26 Performance Mgt.
RF11 Talent Mgt. RF24 Employee Expenditures
RF7 Assets RF14 Employee Complaints RF15 Environmental RF22 Physical Security