Risk and Controls 101

Agenda

• What is a Risk and Control?
• Controls 101
• What is Risk and Control?
• Control Types
• Control Execution
• Control Categories
• A-123 Process here at LBNL
• Process
• Risk Map
• Control Summary
• Wrap-up

What is Risk?

A risk is a possibility of suffering harm or loss, or “what can go wrong”.

Example: The Airline Industry
Risks: Terrorism, Bankruptcy…

What is a control?

A control is an activity that prevents or detects errors to mitigate risks.

Example: The Airline Industry
Controls: Security measures…

Two Basic Types of Controls

• Preventive Controls
  Description: Prevent undesirable events from occurring. Facilitate desirable events.
  Examples: System controls preventing unauthorized access; restrictions of user overrides; segregation of duties; dual entry of sensitive managerial transactions.
• Detective Controls
  Description: Identify/Detect undesirable events.
  Examples: Exception reports, management review and action taken on the exceptions.

Example: The Airline Industry
Preventive? Detective?

Two Ways Controls are Executed

• Manual (performed by people)
  Examples: Authorizations, Interface controls, Management reviews
• Automatic (embedded in application code)
  Examples: Exception reports, System access

Example: The Airline Industry
Manual controls? Automatic controls?

Control Categories

• Authorization
  Description: Approval of transactions executed and access to assets and records only in accordance with management's general or specific policies and procedures.
  Example: Authorization limits.
• Configuration/Account Mapping
  Description: "Switches" to secure data against inappropriate processing.
  Example: Screen layouts with required fields.
• Exception/Edit Reports
  Description: Reports are generated to monitor something and exceptions are followed up to resolution. (Exception - a violation of a set standard. Edit - a change to a master file.)
  Example: Reports of transactions exceeding limits.
• Interface/Conversion Controls
  Description: Controls over moving data between computer systems. Process used to migrate data from a legacy system.
  Example: Interface between AP system and GL system.
• Key Performance Indicators
  Description: Financial and non-financial quantitative measurements that are collected by the entity and used to evaluate progress toward meeting objectives.
  Example: A/R over 90 days.
• Management Review
  Description: A person different from the preparer analyzing evidence and performing oversight of the activities performed.
  Example: Manager review of reconciliations.
• Reconciliation
  Description: Check whether two items (account balances, computer systems) are consistent. Items must be from different systems or records.
  Example: Reconciliation of A/R to G/L.
• Segregation of Duties
  Description: Separation of duties and responsibilities for authorizing transactions, recording transactions and maintaining custody.
  Example: Staff who bill accounts receivable do not post cash collections.
• System Access
  Description: Capabilities that individual users or groups of users have within a computer information system as determined by access rights configured in the system.
  Example: Password protection linked to level of access.

LBNL Process

• Risk Assessment: Perform a risk assessment using the financial statements
• Document Controls: Identify controls in processes
• Test Controls: Test controls for their effectiveness by pulling a sample of transactions
• Remediate: Identify control deficiencies and create a corrective action plan (CAP)
• Report to DOE: Report in FMA Tool and Annual Assurance letter

A-123 Risk MAP FY12

Risk Ranking
1. General Ledger Management
2. Funds Management
3. Cost Management
4. Property Management
5. Environmental Liabilities
6. Payroll
7. Acquisition Management
8. Payables Management
9. Project Cost Management
10. Receivables Management
11. Benefits Administration
12. Revenue Recognition
13. Travel

[Figure: risk map with axes Impact and Likelihood. Key: Inherent Risk: High, Medium, Low.]

Key Control Summary-FY12

Process                     Manual   Automated   Total
Funds                            0           0       0
Cost                             3           0       3
GL                               5           1       6
Property                         5           0       5
AP/Improper Payments             8           3      11
Project Cost Management         20           3      25
Acquisitions                    19           6      25
Payroll                         10           9      19
Environmental Liabilities       16           3      19
IT*                              5           7      12
Totals                          91          32     123

* Internal Audit to Test

Wrap-Up

Questions?
Contact – jwick@lbl.gov