‘

CHARTERED INSTITUTE OF ADMINISTRATORS & MANAGEMENT

CONSULTANTS

PROFESSIONAL LICENSING PROGRAMME

TAMALE MODULE 1

APRIL 2022 BATCH

TAKE-HOME ASSIGNMENT SEVEN (7)

Presented by:

STUDENT NAME:

STUDENT ID #:

STUDENT INDEX #:

July 2022
 RISK ASSESSMENT REPORT
Appendix i: Organizational Health & Safety Risk Assessment of the Gushiegu District Audit Service
Likelihood Actions required to minimize the Intervention Resource
# Risks Identified Occurrence Impact Preventive Measure impact of risks Requirement
1. Fire outbreak. Low High  Remove items from  Provide first aid kits in Firefighting equipment
electrical cupboards & place. i.e., fire extinguishers,
metering areas.  Construct a fire hydrant. fire hydrants, fire
 Install battery-powered  Train staff on first aid blankets, water, etc.
smoke detectors in the entire administration.
office building in the
interim.

2. Regulatory Low High  Invest in compliance  Engage in Regulatory due  Financial

compliance i.e. consultants. diligence. resources.
failure to comply  Train employees on  Ensure compliance moving  Human
with occupational organizational health and forward. resources i.e.
health and safety safety regulations, regulations and
regulations. environmental protection, compliance
etc. officers with a
 Use analytics and well-established
technology to monitor department or
compliance activities. unit in the
 Conduct a half-yearly organization.
compliance risk assessment.

3. Staff sickness Moderate High  Provide medical insurance  Pay attention to employees’  Financial
with a well-being stress levels. resources.
program/incentives.  Provide employees with  Additional
 Offering staff required medical insurance to cater to human
annual leave for rest and their well-being. resources will
recovery.  Log sickness, and trigger be required.
 Periodically conduct sickness absence procedures
medical screening for all after one week.
staff.  Have a fit-for-purpose
sickness absence policy.

4. Failure of utilities High High  Purchase and install a  Purchase and install a  Financial
 causing heat backup generator and/or off- backup generator and/or off- resources
injuries e.g. grid solutions. grid solutions. required
water, and  Provide water storage  Provide water storage  Equipment and
electricity. reservoir on-site or dig own reservoir on-site or dig own material
borehole. borehole. resources
 Move to a location where a  Move to a location where a required i.e.
stable and reliable supply is stable and reliable supply is backup standby
guaranteed e.g. rural guaranteed e.g. rural generator, water
locations have more/longer locations have more/longer storage facility,
blackouts. blackouts. etc.
 Change our processes to
reduce reliance on utilities
e.g. require less water

5. Data security Low High  Train employees on security  Purchase a cyber liability  Financial
breach. awareness. insurance policy. resources
 Lockdown hardware e.g.  Perform regular vulnerability  Data protection
company laptops, and assessments. equipment
disable computer USB  Install backup servers to hold required i.e.
ports. data for recovery of lost data in data leak
 Network and data case of a breach. prevention and
encryption. recovery tools.
 Getting essentials in place
e.g. anti-virus, firewalls,
password use, whitelisting,
access control, etc.
 A RISK POLICY RECOMMENDATION

PRESENTED TO

MANAGEMENT OF GHANA AUDIT SERVICE IN THE GUSHIEGU DISTRICT OF

THE NORTHERN REGION.

PURPOSE OF THIS DOCUMENT

To ensure that the Ghana Audit Service in the Gushiegu District is aware of and

acting upon risks that are reasonably foreseeable to protect the people, property,

finances, reputation, and relationships within the organization. This policy seeks to

form part of the internal control and governance arrangements of the Audit Service in

the Gushiegu District.

The policy, moreover, seeks to propose an underlying approach to risk management,

documents, the roles and responsibilities of the Board, and other key parties. It also

outlines key aspects of the risk management process and identifies the main reporting

procedures. In addition, it describes the process the Board will use to evaluate the

effectiveness of the Service internal control procedures.

UNDERLYING APPROACH TO RISK MANAGEMENT

The following key principles outline the approach that those charged with governance

and control and management of the Ghana Audit Service at the Gushiegu District

need adopt to risk management and internal control:

  the Board has responsibility for overseeing risk management within the

Gushiegu Audit Service as a whole

 an open and receptive approach to solving risk problems needs to be adopted

by the Board

 staff need to support, advise, and implement risk management policies

approved by the Board

 the District Audit Service makes conservative and prudent recognition and

disclosure of the financial and non-financial implications of risks

 all staffs are responsible for encouraging good risk management practices

within their areas of work.

 key risks will be identified by the Board and closely monitored regularly.

ROLE OF THE BOARD

The Board of the Ghana Audit Service in Gushiegu District has a fundamental role to

play in the management of risk. Its role is to:

a. Set the tone and influence the culture of risk management within. This includes:

 communicating the organization’s approach to risk

 determining what types of risk are acceptable and which are not

 setting the standards and expectations of staff concerning conduct and probity.

b. Determine the appropriate risk appetite or level of exposure for Audit Service.
c. Approve major decisions affecting the organization’s risk profile or exposure.

d. Identify risks and monitor the management of fundamental risks to reduce the

likelihood of unwelcome surprises.

e. Satisfy itself that the less fundamental risks are being actively managed, with the

appropriate controls in place and working effectively.

f. Annually review the District Audit Service approach to risk management and

approve changes or improvements to key elements of its processes and procedures.

ROLE OF KEY STAFF AND VOLUNTEERS

The roles of management and staff are to:

a. Implement policies on risk management and internal control.

b. Identify and evaluate the fundamental risks faced by the District Audit Service in

Gushiegu for consideration by the Board.

c. Provide adequate information promptly to the Board and its sub-committees on the

status of risks and controls.

d. Undertake an annual review of the effectiveness of the system of internal control on

behalf of the Board.

RISK MANAGEMENT AS PART OF THE SYSTEM OF INTERNAL CONTROL

The system of internal control incorporates risk management. This system

encompasses several elements that together facilitate an effective and efficient

operation, enabling the District Audit Service in Gushiegu to respond to a variety of

operational, financial, and commercial risks. These elements include:

a. Policies and procedures.

Attached to fundamental risks are a series of policies that underpin the internal control

process. The policies are set by the Board and implemented and communicated to

staff. Written procedures support the policies where appropriate.

b. Reporting.

Comprehensive reporting is designed to monitor key risks and their controls.

Decisions to rectify problems are made at quarterly meetings of the Board.

c. Business planning and budgeting.

The organization’s planning and budgeting process is used to set objectives, agree on

action plans, and allocate resources. Progress towards meeting business plan

objectives is monitored regularly.

d. Self-Assurance Process
The annual self-assurance process is the mechanism by which we assess whether we

are fit to receive public funds. The process assists in assuring that our structures,

plans, policies, and procedures are regularly reviewed and, where necessary, improved

to achieve our objectives and manage our funds effectively.

e. External audits and third-party reports.

An external audit provides feedback to the Board on the operation of the internal

controls reviewed as part of the annual audit.

From time to time, the use of external consultants will be necessary for areas such as

health and safety, and financial and human resources. The use of specialist third

parties for consulting and reporting can increase the reliability of the internal control

system.

f. Risk Management Process.

This policy paper proposes the District Audit Service operates a risk management

process/framework as follows:

 A review of the previous risk management report

 A risk identification exercise for the year ahead

 Evaluation of identified risks using risk assessments

 Manage risks through the application of risk management techniques

  Record and monitor risks using risk registers

 Assigning responsibility for risks to appropriate personnel

 Annual review of the Service Continuity plan

The risk register is reviewed and reported on an annual basis.

ANNUAL REVIEW OF EFFECTIVENESS

The Board is responsible for reviewing the effectiveness of internal control of the

District Audit Service, based on information provided by management. Its approach is

outlined below.

For each fundamental risk identified above in appendix I, the board will:

 review the previous year and examine the organization’s track record in risk

management and internal control

 consider the internal and external risk profile of the coming year and consider if

current internal control arrangements are likely to be effective.

In making its decision the Board should consider the following aspects.

a. Control environment:

 The organization’s objectives and its financial and non-financial targets

 organizational structure and caliber of the staff

  culture, approach, and resources concerning the management of risk

 delegation of authority

 public reporting.

b. Ongoing identification and evaluation of fundamental risks:

 timely identification and assessment of fundamental risks

 prioritization of risks and the allocation of resources to address areas of high

exposure.

c. Information and communication:

 quality and timeliness of the information on fundamental risks

d. Monitoring and corrective action:

 the ability of the Audit Service in Gishiegu to learn from its risk problems

 commitment and speed with which corrective actions are implemented.

A delegated member of staff responsible for risk management is needed to prepare a

report of his/her review of the effectiveness of the internal control system annually for

consideration by the Board of the District Audit Service in the Gushiegu District.