RiskandControls101 PDF
Agenda
What is Risk?
Example: The Airline Industry
Risks: Terrorism, Bankruptcy
What is a control?
Example: The Airline Industry
Controls: Security measures
Two Basic Types of Controls
Control Type: Preventive Controls
Description: Prevent undesirable events from occurring. Facilitate desirable events.
Examples: System controls preventing unauthorized access. Restrictions of user overrides. Segregation of duties. Dual entry of sensitive managerial transactions.

Control Type: Detective Controls
Description: Identify/Detect undesirable events.
Examples: Exception reports, management review and action taken on the exceptions.

Example: The Airline Industry
Preventive? Detective?
Two Ways Controls are Executed
Manual (performed by people)
Examples: Authorizations, Management reviews

Automatic (embedded in application code)
Examples: Exception reports, Interface controls, System access

Example: The Airline Industry
Manual controls? Automatic controls?
Control Categories
Control Category Legend

Control Category: Authorization
Description: Approval of transactions executed and access to assets and records only in accordance with management's general or specific policies and procedures.
Example: Authorization limits.

Control Category: Configuration/ Account Mapping
Description: "Switches" to secure data against inappropriate processing.
Example: Screen layouts with required fields.

Control Category: Interface/ Conversion Controls
Description: Controls over moving data between computer systems. Process used to migrate data from a legacy system.
Example: Interface between AP system and GL system.

Control Category: Segregation of Duties
Description: Separation of duties and responsibilities for authorizing transactions, recording transactions and maintaining custody.
Example: Staff who bill accounts receivable do not post cash collections.
LBNL Process
Risk Assessment: Perform a risk assessment using the financial statements
Document Controls: Identify controls in processes
Report to DOE: Report in FMA Tool and Annual Assurance letter
A-123 Risk MAP FY12
[Figure: risk map of the processes listed below, with a Risk Ranking scale; axes: Impact, Likelihood]
1. General Ledger Management
2. Funds Management
3. Cost Management
4. Property Management
5. Environmental Liabilities
6. Payroll
7. Acquisition Management
8. Payables Management
9. Project Cost Management
10. Receivables Management
11. Benefits Administration
12. Revenue Recognition
13. Travel
Questions?
Contact jwick@lbl.gov