2. Risk & Assessment - Definitions Risk - the threat that an event, action, or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. Risk is measured in terms of consequences and likelihood. Risk assessment - the identification and analysis of risks to the achievement of business objectives. It forms the basis for determining how risks should be managed.
3.
4. Risk Assessments Employ a combination of both qualitative and quantitative methodologies. Relate time horizons to objective horizons. Assesses risk on both an inherent and a residual basis.
5. Inherent Risk Vs. Residual Risk Inherent Risk The risk that exists before you address it, i.e., the risk to your Facility or Network in the absence of any actions taken to alter either the likelihood or impact. Every company faces it, not all manage it effectively. Residual Risk Also know as ” vulnerability ” or “ exposure .” It is the risk that remains after your Facility or Network has attempted to mitigate the inherent risks.
6. Risk Analysis Control It Share or Transfer It Diversify or Avoid It Risk Management Process Level Activity Level Entity Level Risk Monitoring Identification Measurement Prioritization Risk Assessment
7.
8.
9. FACT: Internal control starts with a strong control environment . While internal auditors play a key role in the system of control, management is the primary owner of internal control. Internal control is integral to every aspect of business. Internal control makes the right things happen the first time. Internal controls should be built “into,” not “onto” business processes. Internal Control Myths and Facts MYTH: Internal control starts with a strong set of policies and procedures. Internal control: That’s why we have internal auditors! Internal control is a finance thing. Internal controls are essentially negative, like a list of “thou-shall-not's.” Internal controls take time away from our core activities of patient services, financial reporting, and supply chain, payroll and core business processes.