Operational Audits Financial Management Audits Advisory Services Information System Reviews Investigative Assignments Compliance Audits

The Internal Audit Process Accountability Model Risk Assessment Tools Enterprise Risk Management Implementation Tool Agency Self Assessment Tool Business Application/Operating Internal Audit Reports

Internal Audit & Advisory Services Office of the Comptroller General Auditor General of BC Risk Management Branch Waste Buster Program Contact Us

Job Opportunities

IAAS End State Vision for Risk Management

Risk management and control has and will continue to be a central aspect in the work of Internal Audit. IAAS has had a long-standing role reviewing control systems, providing control advice to management and working with ministry management to identify risks and priorities as part of the audit planning cycle.

IAAS accepts that the risks and opportunities faced by the organization serve as the most appropriate basis for allocating available internal audit resources. By focusing on the organizations key risks and opportunities, IAAS will ensure it adds maximum value. Historically, a provincial risk management framework has not existed; as a result, IAAS has worked with management in the past to define an audit planning risk assessment framework. The introduction of ERM will result in a standard organization risk framework that is embraced and supported by management. IAAS is optimistic that this will create efficiencies in the strategic audit planning process and result in greater alignment of internal audit resources with ministry objectives.

Recognizing that a fully matured ERM initiative within an organization can take up to five years, IAAS has developed an evolving vision, defined in three phases that parallel the anticipated reality.

Phase I: Assist in the Planning of ERM Implementation (Now) Phase II: Assist in the Implantation of ERM (6 month - 2 years) Phase III: Providing Assurance (2 years - 5 years)

There are a number of potential areas where IAAS can provide value to your organization and provincial risk management activities. Some of these may be new, however, many just represent a refocusing on services internal audit already provides. These areas include:

• review of critical control systems and risk management processes;
• an effectiveness review of management's risk assessments and the internal controls;
• advice in the design and improvement of control systems and risk mitigation strategies;
• enhancement of our risk-based approach to planning and executing internal audit;
• activities ensuring that internal audit resources are directed at those areas that are most important to the organization;
• challenge the basis of management risk assessments and to evaluate the adequacy and effectiveness of risk treatment strategies;
• facilitation of ERM workshops;
• defining risk tolerances where none have been identified based on internal audit's experience and the use of judgement and consultation with management.

To be fully successful internal audit will seek out and encourage collaboration with the Office of the Auditor General, ministry clients, Risk Management Branch and Contractors for the purposes of:

• Mutual exchange of ERM best practices, information and reports;
• co-operation in the development of ERM recommendations; · communicating status of ERM recommendations and follow-up activities;
• using complementary ERM auditing methodologies and tools;
• constantly seeking to identify and eliminate areas of potential duplication of effort;
• increase the quality and cost-effectiveness of effort and coverage of risk.

Outline

• PowerPoint Training Outline (requires PowerPoint or PowerPoint Viewer - get the viewer here) (pps 447k)

IAAS ERM Training Manual and Appendicies

• IAAS ERM Manual pdf (620k)
• Appendix 1 - Toolkit Guidance pdf (21k)
• Appendix 2 - Ministry ERM Sample Rollup pdf (6k)
• Appendix 3 - ERM Project Management pdf (52k)
• Appendix 4 - Maturity Model pdf (26k)
• Appendix 5 - Risk Tracking Tool pdf (7k)
• Appendix 6 - Sample ERM Organisation pdf (16k)
• Appendix 7 - ERM Policy pdf (9k)
• Appendix 8 - Sample ERM Questions and Answers pdf (25k)
• Appendix 9 - Sample ERM Project Risk Register pdf (25k)
• Appendix 10 - ERM Workshop Facilitation Tips pdf (23k)
• Appendix 11 - ERM Workshop Facilitation Skills pdf (9k)
• Appendix 12 - Sample ERM Workshop Evaluation pdf (10K)

IAAS ERM Examples

• Example 1 - Risk Dictionary pdf (25k)
• Example 2 - Workshop Agenda pdf (13k)
• Example 3 - Workshop Agenda Time Schedule pdf (19k)
• Example 4 - Detailed Facilitation Agenda pdf (17k)
• Example 5 - ERM Assessment Questionairre pdf (260k)

If you require Microsoft Word (.doc) versions of these files, please email or contact us.