Risk and Compliance Department Business Plan 2012-2014
Table of Contents
1. Our Services
   1.1 Our Mandate
   1.2 Lines of Business
2. Accomplishments
3. Implementing Sustainability
   3.1 Strategy 1
   3.2 Strategy 2
   3.3 Strategy 3
4. The Measures of Our Performance
5. Operating Budget
It is my pleasure to present to you Risk and Compliance Department’s business plan for 2012-2014. Our Department was established in March 2008 to enable the efficient and effective governance of significant risks and related opportunities to the organization and its departments. The Risk and Compliance Department assists the Municipality to accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the integrity and effectiveness of the Municipality’s systems of risk management and control for governance, management and operational functions.
As Director of the Department, I am accountable to enable the corporation to balance risk and reward through the Insurance Services, Compliance and Control, and Enterprise Risk Management (ERM) branches. As we progress through the strategies, actions and initiatives of our 2012-2014 Business Plan, I will guide the Department’s activities to ensure alignment with the priorities of the Municipal Development Plan, in particular the priority to Enhance and improve corporate responsibility and governance. A fundamental of good governance is that sound legislation, administrative, monitoring and service delivery systems exist to help establish accountability for results. As a Department, we will deliver strategies, actions and initiatives that support the directions and strategies of the Municipal Development Plan.
Our Department strategy to improve corporate identification of and response to operational risk will support the Municipal Development Plan (MDP) strategy to promote effectiveness in service provision. Our strategy to enhance efficiency and effectiveness of business performance will likewise support the MDP strategy to promote the efficient use of resources in service delivery. Lastly, our strategy to develop and promote a systematic governance approach to setting the best course of action – which includes the implementation of Enterprise Risk Management, will support the MDP strategy to pursue advanced administrative practices and structures.
As we move forward with developing the new branches, I look forward to establishing best practices and high standards of excellence that support not only the MDP, but other Council and corporate priorities – in addition to the Municipality’s needs and requirements in risk management and compliance.
Sincerely,
Ralph Timleck, CMA, CIA, CISA
Director, Risk and Compliance Department
Regional Municipality of Wood Buffalo
Message from the Director
Our Services
1.1 Our Mandate
The Risk and Compliance Department will assist the corporation in creating a healthy organization with a strategic focus on resource management and planning for the future. To achieve this we will work towards embedding an organizational enterprise risk management culture throughout the organization. The department will concentrate on effectively assessing and addressing strategic, reputational, operational, financial, and legal or compliance related risks to the Regional Municipality of Wood Buffalo as well as assisting Municipal management in enhancing efficiency and effectiveness of business performance through reviews of business processes and activities of the Municipality.
1.2 Lines of Business
Risk Management (Insurance Services)
Improve corporate identification of and response to operational risk.
• Develop policies and processes to identify, document, insure, monitor and communicate risks.
• Promote risk awareness and stakeholder roles in operational risk.
Compliance and Control
Enhance efficiency and effectiveness of business performance.
• Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch
• Conduct audits in accordance with the annual audit plan
Enterprise Risk Management
Develop and promote a systematic governance approach to setting the best course of action.
• Implement Enterprise Risk Management (ERM) as a method of balancing risks with opportunities
• Develop policies and processes to identify and communicate risks
• Educate Municipal management team on departmental function and Enterprise Risk Management
Accomplishments
The Risk and Compliance Department continued to evolve in 2011 with the Insurance Services, Compliance & Control and Enterprise Risk Management branches.
The Insurance Services branch is now fully staffed allowing their attention to be focused on the ongoing processes and procedures to help provide risk management services to the organization and customer service to our clients. The development and implementation of the intranet and internet pages ensures that our citizens as well as internal clients have the tools to ensure that various stakeholder risks are identified and addressed.
The Compliance and Control branch is currently staffed with a Senior Auditor and an Auditor with plans to fill the positions of Manager and another Auditor by the end of 2011. In December 2010 a review of current risk assessment practices across all departments of the municipality was done in preparation for the 2011 Audit Plan. The assessment was based on key areas within the Departmental Business Plans: organizational structures, business objectives, project control, risk management policies and processes including services, staffing needs and other resources required to achieve their business objectives. Other areas covered included the Municipality’s property management, exposure to potential liabilities in the course of conducting their activities, cost saving opportunities, and sound risk management techniques. Eight audits have been completed to date with more on the horizon.
The Enterprise Risk Management branch is in the process of filling the Manager position. In September of 2010 a training session for the ERM Framework was done. The ERM Methodology – ISO 31000 was introduced and steps to further educate the organization are ongoing.
Implementing Sustainability
In 2012-2014, the Risk and Compliance Department will support the implementation of the Municipal Development Plan through the delivery of Strategies, Actions and Initiatives that support many areas of the MDP. Some of the key points of alignment between the MDP and the Department’s 2012-2014 Business Plan are as follows:
Municipal Development Plan Strategies
• 6.2.1 Promote effectiveness in service provision
• 6.2.2 Promote the efficient use of resources in service delivery
• 6.1.5 Promote community safety

Risk and Compliance Department 2012-2014 Strategies
Strategy 1: Improve corporate identification of and response to operational risk
The Risk and Compliance Department will support the MDP strategy of promoting effectiveness in service provision by improving the Corporation’s identification and response to operational risk. Department actions in support of this will include: the development of policies and processes to identify, document, insure, monitor and communicate risks; and the promotion of risk awareness and stakeholder roles in operational risk.
Strategy 2: Enhance efficiency and effectiveness of business performance
In 2012-2014, the Department will promote the efficient use of resources in service delivery by creating mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch. By conducting audits in accordance with the annual audit plan, the Department will enhance efficiency and effectiveness of business performance.
Strategy 3: Develop and promote a systematic governance approach to setting the best course of action
The Department’s strategy to develop and promote a systematic governance approach to setting the best course of action involves the implementation of Enterprise Risk Management (ERM) as an advanced administrative practice. Initiatives in support of ERM will include the development of a Corporate Risk Profile and the establishing of process compatibility with ISO31000.

Strategic Plan Priority
• 10 Demonstrate leadership in climate change adaptation and mitigation
3.1 Strategy 1: Improve corporate identification of and response to operational risk
ACTION 1.1 Develop policies and processes to identify, document, insure, monitor and communicate risks
INITIATIVE 1.1.1 Investigate the possibility of self-insurance of specific assets
INITIATIVE 1.1.2 Create a Risk Management Manual
INITIATIVE 1.1.3 Create a Claims Manual
INITIATIVE 1.1.4 Investigate the possibility of providing physical risk/hazard inspection services to departments
INITIATIVE 1.1.5 Create a Motor Vehicle Usage Risk Management Strategy
INITIATIVE 1.1.6 Develop a process for managing evidence of insurance
INITIATIVE 1.1.7 Review the Risk Management Policy for required updates
ACTION 1.2 Promote risk awareness and stakeholder roles in operational risk
INITIATIVE 1.2.1 Create a Risk Management Communication Strategy for external stakeholders
INITIATIVE 1.2.2 Develop an internal training plan for municipal employees
INITIATIVE 1.2.3 Develop and maintain relationships with internal stakeholders
3.2 Strategy 2: Enhance efficiency and effectiveness of business performance
ACTION 2.1 Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch
INITIATIVE 2.1.1 Develop audit programs, processes and procedures
INITIATIVE 2.1.2 Develop required audit templates
INITIATIVE 2.1.3 Acquire and implement audit software
INITIATIVE 2.1.4 Develop Standard Reporting Plans
ACTION 2.2 Conduct audits in accordance with the annual audit plan
INITIATIVE 2.2.1 Conduct an Organizational Risk Assessment in conjunction with Enterprise Risk Management
INITIATIVE 2.2.2 Develop an audit plan based on organizational risk assessment
INITIATIVE 2.2.3 Train staff on specific technical requirements needed to support the yearly audit plan
INITIATIVE 2.2.4 Conduct risk and compliance reviews of vendor’s processes and projects
3.3 Strategy 3: Develop and promote a systematic governance approach to setting the best course of action
ACTION 3.1 Implement Enterprise Risk Management (ERM) as a method of balancing risks with opportunities.
INITIATIVE 3.1.1 Continue with development of the Corporate Risk Profile
INITIATIVE 3.1.2 Establish an Enterprise Risk Management process compatible with the requirements of ISO31000.
INITIATIVE 3.1.3 Promote, monitor and guide the practice of Enterprise Risk Management
INITIATIVE 3.1.4 Ensure continuous Risk Management learning both in the Department and across the Municipality
ACTION 3.2 Develop policies and processes to identify and communicate risks
INITIATIVE 3.2.1 Prepare Whistleblower Policy
INITIATIVE 3.2.2 Prepare Code of Conduct / Code of Ethics Policy
INITIATIVE 3.2.3 Develop and implement Enterprise Risk Management policy
INITIATIVE 3.2.4 Research best practices to identify further required policies
ACTION 3.3 Educate Municipal management team on departmental function and Enterprise Risk Management
INITIATIVE 3.3.1 Develop and implement a communication plan for the department
INITIATIVE 3.3.2 Implement Enterprise Risk Management training plans
The Measures of Our Performance
In 2012-2014, the Risk and Compliance Department will measure the results of programs and activities on an annual basis. These measures will be a combination of output measures and outcome measures. Output measures support budgeting and planning processes by measuring the volume of work, and the demand for our services. Outcome measures based on client satisfaction allow us to determine if our work is meeting the expectations and needs of our internal clientele. The following is a listing of some of our performance measures in 2012-2014.
| Strategy, Action or Initiative | Performance Measure | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|---|
| 1 | Client satisfaction with the Municipality's Securing of insurance for assets | TBD | TBD | TBD | TBD |
| 1 | Client satisfaction with Claims adjusting services provided by Risk Management Branch | TBD | TBD | TBD | TBD |
| 1.1 | Number of policies and processes developed to identify, document, insure, monitor and communicate risks | TBD | TBD | TBD | TBD |
| 1.2 | Client satisfaction with Risk and Compliance Department's Promoting business risk identification and awareness | TBD | TBD | TBD | TBD |
| 2 | Level of agreement with the statement: The overall business performance of the Municipality is effective. (Employee Survey of Internal Department Services) | TBD | TBD | TBD | TBD |
| 2.1.1 | Level of agreement with the statement: The overall business performance of the Municipality is effective. (Employee Survey of Internal Department Services) | TBD | TBD | TBD | TBD |
| 2.2 | Number of audits conducted | TBD | TBD | TBD | TBD |
| 2.2.4 | Number of risk and compliance reviews completed | TBD | TBD | TBD | TBD |
Operating Budget
Risk & Compliance: Summary of Revenues and Expenditures

| | 2009 Actual | 2010 Actual | 2011 Budget | 2011 Projection* | 2012 Budget | 2013 Plan | 2014 Plan |
|---|---|---|---|---|---|---|---|
| REVENUES | | | | | | | |
| Taxes | - | - | - | - | - | - | - |
| Grants in lieu - taxes | - | - | - | - | - | - | - |
| Sales to other Governments | - | - | - | - | - | - | - |
| Sales/Goods - Services | 639 | - | - | - | - | - | - |
| Other Revenue From Own Services | - | - | - | - | - | - | - |
| Sale of Fixed Assets | - | - | - | - | - | - | - |
| Conditional Grants | - | - | - | - | - | - | - |
| Other Transfers | - | - | - | - | - | - | - |
| TOTAL REVENUES | 639 | - | - | - | - | - | - |
| EXPENDITURES | | | | | | | |
| Salaries, Wages & Benefits | 493,495 | 1,103,547 | 1,146,898 | 1,124,505 | 1,838,267 | 1,925,839 | 1,990,767 |
| Contracted & General Services | 916,373 | 1,124,352 | 2,103,884 | 2,181,386 | 2,146,920 | 2,152,000 | 2,156,216 |
| Purchases from Government | - | - | - | - | - | - | - |
| Materials, Goods, Supplies & Utilities | 4,354 | 10,913 | 12,500 | 12,500 | 11,500 | 11,845 | 12,200 |
| Fixed Asset Acquisition | - | 8,482 | 4,000 | 4,000 | 10,000 | 10,300 | 10,609 |
| Transfers & Grants | - | - | - | - | - | - | - |
| Financial Services Charges | 50 | 135 | 200 | 200 | 300 | 309 | 318 |
| Other Expenditures | - | - | - | - | - | - | - |
| TOTAL EXPENDITURES | 1,414,272 | 2,247,429 | 3,267,482 | 3,322,591 | 4,006,987 | 4,100,293 | 4,170,111 |
| OPERATING SURPLUS (DEFICIT) | (1,413,633) | (2,247,429) | (3,267,482) | (3,322,591) | (4,006,987) | (4,100,293) | (4,170,111) |
| Contribution to Capital | - | - | - | - | - | - | - |
| Transfer from Reserve | - | - | - | (237,502) | - | - | - |
| Transfer to Reserve | - | 237,502 | - | - | - | - | - |
| PAYG | - | - | - | - | - | - | - |
| SURPLUS/(DEFICIT) | (1,413,633) | (2,484,931) | (3,267,482) | (3,085,089) | (4,006,987) | (4,100,293) | (4,170,111) |

* Projection as of September 30, 2011