providing assurance and addressing stakeholders ... · internal audit manager at canal de isabel...
TRANSCRIPT
Providing assurance and addressing stakeholders' expectations
Risk management in the Public Sector
Soledad Llamas Tutor
Internal Audit Manager at Canal de Isabel II, Madrid, Spain
Chair of the Cooperation Committee ECIIA_EUROSAI
IAS Conference 2018 - "Internal Audit: Embracing the challenges of the future"
6 November 2018
GESTIÓN DE RIESGOS
PIT STOP F1GOAL: Change the wheels and make adjustments in less than 2 sec.
Risks:
Forget some element.
Stall the car.
No coordination.
Grease in the pit lane.
Bad comunication between the workers and the pilot.
What is the probability? How many times has previously happened?Is it possible to happen again?
What is the impact?How many seconds do we lose if it happens?
Likelihood
Impact
GESTIÓN DE RIESGOSRisk: Bad comunication between theworkers and the pilot
Probability: HighImpact: Very high
Control: Lollipop Man
Risk: Stall the car Probability: Low
Impact: Very highControl: Starter man
Risk: Grease in the pit laneProbability: Very high
Impact: LowControl: Cleaning
IMPACT
LIK
ELIH
OO
D
Risk: Bad comunication between the workers and the pilot.
Risk: Creek the car .
Risk: Grease in the pit lane. Risk: Grease in the pit lane.
Risk: Bad comunication between the workers and the pilot.
Risk: Stall the car.
Risk: Bad comunication between the workers and the pilot.
Risk: Stall the car.
Risk: Grease in the pit lane.
GESTIÓN DE RIESGOS
Risk management
in the Public Sector
1. Risks
Identify risks.
Emerging risks
2. Evaluation
Define common rules to assess risks.
Evaluate likelihood and impact of risks.
Indicators. KRI.
3. Controls
1Identify Risk
1. Risks. Identify the risks.
COSO. ERM
IIA
Inside company (whistleblowing)
Evaluation of incentives to workers
Possible removal of controls
1. Risks. Identify the risks.
Examples Lack of control to prevent the dividing of a public contract into several smaller ones.
The absence of code of conduct.
Lack of agility in the public procurement process.
Excessive staff turnover.
Lack of back up for key staff.
Lack of rotation of personnel in sensitive posts.
Inadequate management of access control systems.
Very difficult to achieve objectives.
Low salaries in relation to the market.
How often do we attend a congress for another sector?
How often do we review our risk catalogue?
When was the last time we added a new risk?
1. Risks. Emerging Risk.
2Evaluation
2. Evaluation. Define common rules to assess risks.
Impact Likelihood
How significant could the effects be if it
happens?
The probability of ithappening
1 - Low 2 - Moderate 3 - Likely 4 – Very likely
<20% 21% - 50% 51% - 90% > 90%
It could happen, but it is very unlikely
It could happenThe probability of
occurrence is greater than it not happening
You could almost saywith certainty that it will
happen
Examples
2. Evaluation. Define common rules to assess risks.
Likelihood:
2. Evaluation. Define common rules to assess risks. Examples
Impact
1 - Low 2 - Moderate 3 - Severe 4 – Very severe
Finance – Reduction of EBITDA <3% 3%-5% 6%- 10% > 10%
Strategic/Reputational
Low impact on reputationModerate impact on
reputationImportant impact Very important impact
Lack of/problems with the drinking water
Affects fewer than 1.000 people
Affects between 1.000 and 3.000 people
Affects between 3.000 and 5.000 people
Affects more than 5.000 people
Loss of water
< 2.000 m3 < 5.000 m3 > 2.000 m3 < 10.000 > 5.000 m3 >10.000 m3
News in media: press, internet
Local mediaSome news in local and
national press and tvNational media International media
Risk: Lack of agility in the public procurement process.
ExamplesKRI
KRI. Likelihood:- Nº of contracts with processing time greater than XX days.- (%) Number of contracts with processing time greater than XX days / Total number of contracts.
2. Evaluation. KRI. Key Risk indicators.
KRI. Impact: € for public procurement in one year.
Risk: Lack of agility in the public procurement process.
ExamplesKRI
2. Evaluation. KRI. Key Risk indicators.
KRI. Likelihood:- Nº of contracts with processing time greater than XX days.- (%) Number of contracts with processing time greater than XX days / Total number of contracts
Type KRI 1 2 3 4 KRI value
LikelihoodNº of contracts with processing time greater than XX days
20 40 100 500 YY
Likelihood(%) Number of contracts with processing time greater than XX days / Total number of contracts
5 10 15 20 ZZ
Risk value
Risk: Lack of agility in the public procurement process.
ExamplesKRI
KRI. Impact: € for public procurement in one year.
2. Evaluation. KRI. Key Risk indicators.
Type KRI 1 2 3 4 KRI value
Impact€ for public procurement in one year
20 150 300 500 XXXX
Risk value
3Controls
Define controls.
Evaluate the design and effectiveness of controls.
3. Controls.
4Conclusions
RISK
KRI
Likelihood
Impact
CONTROLS
Design
Effectiveness
PROCESS IN THE RISK MANAGEMENT
What is the percentage of Public Entities in Europe
with Risk Department?
More than 60%
Between 40% - 60%
Between 20% - 40%
Less than 20%
Don’t know
What is the percentage of Public Entities in Europe
with Risk Department?
0
10
20
30
40
50
60
70
80
90
100
47
53
YES
NO
27
Título del capítulo
www.canaldeisabelsegunda.es
Thank you for your attention
IAS Conference 2018 - "Internal Audit: Embracing the challenges of the future"