Extreme Makeover Commitment from Agency Leadership Tone at the Top Buyin from Management - PowerPoint PPT Presentation

1 / 36

About This Presentation

Title:

Extreme Makeover Commitment from Agency Leadership Tone at the Top Buyin from Management

Description:

To ensure new call center representatives receive the necessary training within ... To answer 90% of Call Center calls within 60 seconds or less and have the ... – PowerPoint PPT presentation

Number of Views:25

Avg rating:3.0/5.0

Slides: 37

Provided by: mkre1

Category:

more less

Transcript and Presenter's Notes

Title: Extreme Makeover Commitment from Agency Leadership Tone at the Top Buyin from Management

1
Extreme Makeover Taking Control of Your Stale
Internal Control Program October 27, 2009 Matt
Downey
2
Extreme Makeover Moving from Unit Assessments
to Functional Group Assessments
3
Extreme Makeover

Commitment from Agency Leadership
Tone at the Top
Buy-in from Management

4
Extreme Makeover

Identify the Function and Key Players
Make Sure That Appropriate Decision Makers are
Included
Group has Ownership of the Function

5
Risk Management

A systematic process used to identify risks and
promote Internal Control activities that result
in mitigation of risk.

6
The Risk Assessment Process

Document the process
Uncover deficiencies and highlight opportunities
for improvement
Clarify roles and responsibilities
Provide reasonable assurance that what is
supposed to happen actually does

7
The Four Step Risk Management Thought Process
Step 1 Understand the Business Objective and the
Major Steps in the Process Step 2 Identify and
Assess the Risks Step 3 Identify, Document,
Evaluate and Test the Controls Step 4 Recommend
Corrective Action and Follow-up
8
Step 1 Understand the Business Objective and
the Major Steps in the Process
What the process or program under review is
trying to accomplish?

Ensure objective is
Specific
Measurable
Achievable
Relevant
Time framed

9
Objectives
Operational What needs to be done.
Financial Revenues to be raised, dollars to be
saved, accurate recording and reporting of
financial data.
Compliance Applicable regulations and policies
will be upheld.
10
Example of Objectives

To ensure new call center representatives receive
the necessary training within six months of hire
date and demonstrate proficiency with subject
matter and public voice.
To answer 90 of Call Center calls within 60
seconds or less and have the average speed of
answering Call Center calls be less than 25
seconds.

11
The Four Step Risk Management Thought Process
Step 1 Understand the Business Objective and the
Major Steps in the Process Step 2 Identify and
Assess the Risks Step 3 Identify, Document,
Evaluate and Test the Controls Step 4 Recommend
Corrective Action and Follow-up
12
Step 2Identify and Assess the Risks

Identify the internal and external factors that
threaten the achievement of HESCs objectives.

Prioritize by
Impact
Likelihood

13
Questions to Consider During Risk Identification
What could go wrong? Why or how could it
occur? How bad could it be? How likely is it to
occur?
14
Prioritizing Risks

High Risk A most serious problem or threat to
achieving the business objective. It must be
addressed immediately. Failure to comply with
applicable laws are high risk.
Medium Risk A problem which would make it hard
to achieve the business objective and would take
a lot of time and effort to fix if it happened.
Low Risk A problem from which HESC could
recover rather easily and still achieve the
business objective.
Do not consider the effect of contare in place

Do not consider the effect of controls that are
in place
15
9

8

7

6

4
3

2
1
6 7 8 9
1 2 3 4
16
Tips for Describing Risks

Write a description of the negative event.
Include a description of why or how the risk
could occur.
Differentiate risk impacts from risk causes.
The risk description should be clear and detailed.

17
Example of Risks

Customer Service Risk Call Center
representatives provide inaccurate information to
HESC customers.
Customer Service Risk Calls go unanswered due to
system issues, low number of staff, untrained
staff.

18
The Four Step Risk Management Thought Process
Step 1 Understand the Business Objective and the
Major Steps in the Process Step 2 Identify and
Assess the Risks Step 3 Identify, Document,
Evaluate and Test the Controls Step 4 Recommend
Corrective Action and Follow-up
19
Step 3Identify, Document, Evaluate and Test the
Controls

Identify the controls in place to reduce or
eliminate risks.
Evaluate the adequacy of those controls.
Verify controls are working as intended.

20
Controls

Provide reasonable assurance that what is
supposed to happen actually does. Controls also
minimize the likelihood of negative surprises.

21
Types of Controls

Documentation
Approval/Authorization
Verification
Supervision
Segregation of Duties
Safeguarding Assets
Reporting
Reconciliation

22
Questions to Consider During Control Documentation

Who performs the controls?
When is the control being performed?
Why is it performed?
What happened to exceptions?
Where is the control performed?
How is it performed?

23
What to Consider When Evaluating Controls

The nature of the operation
The program objective
The risk priority
The need for cost-efficiency and
time-effectiveness
The need for mandated controls

24
Managing Risks

Control Environmental Elements Sets the tone of
the Agency. Includes ethical values, integrity,
employee experience, training programs.
Control Activities Policies and procedures
established to ensure directives are carried out.
Includes passwords, authorization requests,
physical control over assets, documentation.
Monitors Assesses the effectiveness of the
internal control system. Includes customer
satisfaction surveys, reviews, data comparisons,
reconciliations.

25
Example of Controls

Supervisor tracks calls and runs, constantly
providing real-time reporting on each
supervisors computer screen. At the end of the
day supervisors run historical reports which are
reviewed and distributed to all of their staff.
Emergency Skills Announcement is used if IVR is
up but the Call Center is closed (i.e., a fire
drill).

26
Testing

Provide proof that controls are operating as
intended to manage the risks and achieve the
related control objectives.

27
Walkthrough Methods

Document Analysis Review records, forms, or
other documents.
Observation Watch the control being performed
in practice.
Interview Elicit information from those
performing that control.

28
The Four Step Risk Management Thought Process
Step 1 Understand the Business Objective and the
Major Steps in the Process Step 2 Identify and
Assess the Risks Step 3 Identify, Document,
Evaluate and Test the Controls Step 4 Recommend
Corrective Action and Follow-up
29
Step 4Recommend Corrective Action and Follow-up

Based on the results of the control evaluation
and testing, management may need to develop an
appropriate action plan to correct situations in
which the controls are either non-existent, not
functioning as intended, or inefficient.

30
Take Corrective Action
Risk Response
When weaknesses are found, decide to

Institute new controls.
Improve existing controls.
Accept the risk.

31
Example of Corrective Action

Call Center will implement a system/process to
monitor complaints using a spreadsheet with
details of complaint and resolution.
Create a log of compliments received.

32
Titanic Disaster

The Titanic received seven different iceberg
warnings on the day of her sinking. Six of which
were disregarded by Captain E. J. Smith. The
seventh warning never made it to the bridge.

33
Space Shuttle Disaster

Disintegration of the entire vehicle began
after an O-ring seal in its right Solid Rocket
Booster (SRB) failed at liftoff. NASA managers
had known that contractor Morton Thiokols
design of the SRBs contained a potentially
catastrophic flaw in the O-rings since 1977, but
they failed to address it properly. They also
disregarded warnings from engineers about the
dangers of launching on such a cold day and had
failed to adequately report these technical
concerns to their superiors.

34
Next Steps