Examples - When Do You Call Us?

• Guiding and facilitating the Board and Management in determining its risk tolerances

• Guiding and formalizing each organization's risk appetite based on its unique risk tolerances.

• Implementing changes to a system/procedure but unsure if they have any control implications or impact?

• Evaluating or implementing system/procedures but unsure whether they have addressed the necessary control and audit requirements?

• Internal controls established over time but unsure if they are still needed or achieve their objectives?

• Systems/procedures that are ineffective or inefficient?

• Unusual/suspicious activities noted but unsure what to make of them or whether they should be highlighted, escalated or investigated?

• Improve and optimize the use of limited audit/review resources?

• Training Board and Management on risk management concepts and framework.

• Developing and documenting policies and procedures that improve governance, risk management, controls, fraud, conflicts of interest, corruption and probity.

• Determining if controls and procedures in place are reasonable.

• Unsure:

  • if segregation of duties is adequate within staff functions?

  • if certain activities are deemed fraudulent and the next steps?

  • about the impact/consequence and likelihood of a risk?

  • of the actions required to address a risk?

  • about what constitutes an acceptable and adequate Risk Management policy and framework?