risk and compliance department business plan

Transcription

1 risk and compliance department business plan

2 TABLE OF CONTENTS 1. Our Services 1.1 Our Mandate 1.2 Lines of Business 2. Accomplishments 3. Implementing Sustainability 3.1 Strategy Strategy Strategy 3 4. The Measures of Our Performance 5. Operating Budget

3 Message from the DireCTOr It is my pleasure to present to you Risk and Compliance Department s business plan for Our Department was established in March 2008 to enable the efficient and effective governance of significant risks and related opportunities to the organization and its departments. The Risk and Compliance Department assists the Municipality to accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the integrity and effectiveness of the Municipality s systems of risk management and control for governance, management and operational functions. As Director of the Department, I am accountable to enable the corporation to balance risk and reward through the Insurance Services, Compliance and Control, and Enterprise Risk Management (ERM) branches. As we progress through the strategies, actions and initiatives of our Business Plan, I will guide the Department s activities to ensure alignment with the priorities of the Municipal Development Plan, in particular the priority to Enhance and improve corporate responsibility and governance. A fundamental of good governance is that sound legislation, administrative, monitoring and service delivery systems exist to help establish accountability for results. As a Department, we will delivery strategies, actions and initiatives that support the directions and strategies of the Municipal Development Plan. Our Department strategy to improve corporate identification of and response to operational risk will support the Municipal Development Plan (MDP) strategy to promote effectiveness in service provision. Our strategy to enhance efficiency and effectiveness of business performance will likewise support the MDP strategy to promote the efficient use of resources in service delivery. Lastly, our strategy to develop and promote a systematic governance approach to setting the best course of action which includes the implementation of Enterprise Risk Management, will support the MDP strategy to pursue advanced administrative practices and structures. As we move forward with developing the new branches, I look forward to establishing best practices and high standards of excellence that support not only the MDP, but other Council and corporate priorities in addition to the Municipality s needs and requirements in risk management and compliance. Sincerely, Ralph Timleck, CMA, CIA, CISA Director, Risk and Compliance Department Regional Municipality of Wood Buffalo

4 1.1 Our Mandate The Risk and Compliance Department will assist the corporation in creating a healthy organization with a strategic focus on resource management and planning for the future. To achieve this we will work towards embedding an organizational enterprise risk management culture throughout the organization. The department will concentrate on effectively assessing and addressing strategic, reputational, operational, financial, and legal or compliance related risks to the Regional Municipality of Wood Buffalo as well as assisting Municipal management in enhancing efficiency and effectiveness of business performance through reviews of business processes and activities of the Municipality.

5 our SERVICES 1.2 Lines of Business Risk Management (Insurance Services) Improve corporate identification of and response to operational risk. Develop policies and processes to identify, document, insure, monitor and communicate risks. Promote risk awareness and stakeholder roles in operational risk. Compliance and Control Enhance efficiency and effectiveness of business performance. Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch Conduct audits in accordance with the annual audit plan Enterprise Risk Management Developing and promote a systemic governance approach to setting the best course of action. Implement Enterprise Risk Management (ERM) as a method to balancing risks with opportunities Develop policies and processes to identify and communicate risks Educate Municipal management team on departmental function and Enterprise Risk Management

6 ACCOMPLISHMENTS The Risk and Compliance Department continued to evolve in 2011 with the Insurance Services, Compliance & Control and Enterprise Risk Management branches. The Insurance Services branch is now fully staffed allowing their attention to be focused on the ongoing processes and procedures to help provide risk management services to the organization and customer service to our clients. The development and implementation of the intranet and internet pages ensures that our citizens as well as internal clients have the tools to ensure that various stakeholder risks are identified and addressed. The Compliance and Control branch is currently staffed with a Senior Auditor and an Auditor with plans to fill the positions of Manager and another Auditor by the end of In December 2010 a review of current risk assessment practices across all departments of the municipality was done in preparation of the 2011 Audit Plan. The assessment was based on key areas within the Departmental Business Plans: organizational structures, business objectives, project control, risk management polices and processes including services, staffing need and other resources required to achieve their business objectives. Other areas covered included the Municipality s property management, exposure to potential liabilities in the course of conducting their activities, cost saving opportunities, and sound risk management techniques. Eight audits have been completed to date with more on the horizon. The Enterprise Risk Management branch is in the process of filling the Manager position. In September of 2010 a training session for the ERM Framework was done. The ERM Methodology ISO was introduced and steps to further educate the organization are ongoing.

7

8

9 implementing SUSTAINABILITY In , the Risk and Compliance Department will support the implementation of the Municipal Development Plan through the delivery of Strategies, Actions and Initiatives that support many areas of the MDP. Some of the key points of alignment between the MDP and the Department s Business Plan are as follows Municipal Development Plan Strategy Municipal Development Plan Strategy Municipal Development Plan Strategy Promote effectiveness in service provision Promote the efficient use of resources in service delivery Promote Community Safety Strategic plan priority 10 Demonstrate leadership in climate change adaptation and mitigation Strategic plan priority 10 Demonstrate leadership in climate change adaptation and mitigation Strategic plan priority 10 Demonstrate leadership in climate change adaptation and mitigation Risk and Compliance Department strategy 1 Improve corporate identification of and response to operational risk The Risk and Compliance Department will support the MDP strategy of promoting effectiveness in service provision by improving the Corporation s identification and response to operational risk. Department actions in support of this will include: the development of policies and processes to identify, document, insure, monitor and communicate risks; and the promotion of risk awareness and stakeholder roles in operational risk. Risk and Compliance Department strategy 2 Enhance efficiency and effectiveness of business performance In , the Department will promote the efficient use of resources in service delivery by creating mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch. By conducting audits in accordance with the annual audit plan, the Department will enhance efficiency and effectiveness of business performance. Risk and Compliance Department strategy 3 Developing and promote a systematic governance approach to setting the best course of action The Department s strategy to develop and promote a systematic governance approach to setting the best course of action involves the implementation of Enterprise Risk Management (ERM) as an advanced administrative practice. Initiatives in support of ERM will include the development of a Corporate Risk Profile and the establishing of process compatibility with ISO31000.

10 3.1 Strategy 1 Improve corporate identification of and response to operational risk

11 action 1.1 Develop policies and processes to identify, document, insure, monitor and communicate risks INITIATIVE Investigate the possibility of self-insurance of specific assets INITIATIVE Create a Risk Management Manual INITIATIVE Create a Claims Manual INITIATIVE Investigate the possibility of providing physical risk/hazard inspection services to departments action 1.2 Promote risk awareness and stakeholder roles in operational risk INITIATIVE Create a Risk Management Communication Strategy for external stakeholders INITIATIVE Develop an internal training plan for municipal employees INITIATIVE Develop and maintain relationships with internal stakeholders INITIATIVE Create a Motor Vehicle Usage Risk Management Strategy INITIATIVE Develop a process for managing evidence of insurance INITIATIVE Review the Risk Management Policy for required updates

12 3.2 Strategy 2 Enhance efficiency and effectiveness of business performance

13 action 2.1 Create mandates, procedures and processes to support the functions of audits in Compliance and Controls Branch INITIATIVE Develop audit programs, processes and procedures INITIATIVE Develop required audit templates INITIATIVE Acquire and implement audit software INITIATIVE Develop Standard Reporting Plans action 2.2 Conduct audits in accordance with the annual audit plan INITIATIVE Conduct an Organizational Risk Assessment in conjuction with Enterprise Risk Management INITIATIVE Develop an audit plan based on organizational risk assessment INITIATIVE Train staff on specific technical requirements needed to support the yearly audit plan INITIATIVE Conduct risk and compliance reviews of vendor s processes and projects

14 3.3 Strategy 3 Develop and promote a systematic governance approach to setting the best course of action

15 action 3.1 Implement Enterprise Risk Management (ERM) as a method to balancing risks with opportunities. INITIATIVE Continue with development of the Corporate Risk Profile INITIATIVE Establishing an Enterprise Risk Management process compatable with the requirements of ISO INITIATIVE Promote, monitor and guide the practice of Enterprise Risk Management INITIATIVE Ensure continuous Risk Management learning both in the Department and across the Municipality action 3.2 Develop policies and processes to identify and communicate risks INITIATIVE Prepare Whistleblower Policy INITIATIVE Prepare Code of Conduct / Code of Ethics Policy INITIATIVE Develop and implement Enterprise Risk Management policy INITIATIVE Research best practices to identify further required policies action 3.3 Educate Municipal management team on departmental function and Enterprise Risk Management INITIATIVE Develop and implement a communication plan for the department INITIATIVE Implement Enterprise Risk Management training plans

16

17 the measures of OUR PERFORMANCE In , the Risk and Compliance Department will measure the results of programs and activities on an annual basis. These measures will be a combination of output measures and outcome measures. Output measures support budgeting and planning processes by measuring the volume of work, and the demand for our services. Outcome measures based on client satisfaction allow us to determine if our work is meeting the expectations and needs of our internal clientele. The following is a listing of some of our performance measures in STRATEGY, ACTION OR INITIATIVE PERFORMANCE MEASURE Client satisfaction with the Municipality's Securing of insurance for assets TBD TBD TBD TBD 1 Client satisfaction with Claims adjusting services provided by Risk Management Branch TBD TBD TBD TBD 1.1 Number of policies and processes developed to identify, document, insure, monitor and communicate risks TBD TBD TBD TBD Client satisfaction with Risk and Compliance Department's Promoting business risk identification and awareness Level of agreement with the statement: The overall business performance of the Municipality is effective. (Employee Survey of Internal Department Services) Level of agreement with the statement: The overall business performance of the Municipality is effective. (Employee Survey of Internal Department Services) TBD TBD TBD TBD TBD TBD TBD TBD TBD TBD TBD TBD 2.2 Number of audits conducted TBD TBD TBD TBD Number of risk and compliance reviews completed TBD TBD TBD TBD

18

19 operating BudgET Actual Actual Budget Projection* Budget Plan Plan REVENUES Taxes Grants in lieu - taxes Sales to other Governments Sales/Goods - Services Other Revenue From Own Services Sale of Fixed Assets Conditional Grants Other Transfers TOTAL REVENUES EXPENDITURES Salaries, Wages & Benefits 493,495 1,103,547 1,146,898 1,124,505 1,838,267 1,925,839 1,990,767 Contracted & General Services 916,373 1,124,352 2,103,884 2,181,386 2,146,920 2,152,000 2,156,216 Purchases from Government Materials, Goods, Supplies & Utilities 4,354 10,913 12,500 12,500 11,500 11,845 12,200 Fixed Asset Acquisition - 8,482 4,000 4,000 10,000 10,300 10,609 Transfers & Grants Financial Services Charges Other Expenditures TOTAL EXPENDITURES 1,414,272 2,247,429 3,267,482 3,322,591 4,006,987 4,100,293 4,170,111 OPERATING SURPLUS (DEFICIT) (1,413,633) (2,247,429) (3,267,482) (3,322,591) (4,006,987) (4,100,293) (4,170,111) Contribution to Capital Transfer from Reserve (237,502) Transfer to Reserve - 237, PAYG SURPLUS/(DEFICIT) (1,413,633) (2,484,931) (3,267,482) (3,085,089) (4,006,987) (4,100,293) (4,170,111) * Projection as of September 30, 2011 RISK & COMPLIANCE SUMMARY OF REVENUES AND EXPENDITURES