Auditing & Advisory Services

风险管理

风险管理和内部控制问题：

• 什么是风险？

• Can risk be prevented?

• What are controls?

• 谁负责内部控制？

• 管理层如何确定需要哪些控件？

• What it Internal Audit's function in relation to internal controls?

什么是风险？

风险是可能危及目标实现的任何事情。风险可能与内部或外部因素有关。外部因素可以包括但不限于经济变化，新的或修订的法律法规，技术发展以及社会变革。内部因素可以包括人员，新信息系统和重组的变化。

Can risk be prevented?

良好的内部控制可以有效地最小化甚至通常防止风险。一般而言，控制是为了增强建立目标和目标的可能性而采取的任何行动。

What are controls?

控件有两种类型：

• 预防控制 - 旨在阻止错误或不规则发生。示例：仅在从适当的人员那里获得签名后才处理凭证。
• 侦探控制 - 旨在发现发生错误或不规则的情况。示例：审查部门电话账单以获取个人电话。

In the UTHealth environment, internal controls serve the same purpose:

• 保护大学的资产
• Ensure that records are accurate
• Promote operational efficiency
• 鼓励遵守法律，政策和法规

谁负责内部控制？

最终，是UTHealth management'sresponsibility to ensure that appropriate controls are in place. That responsibility is delegated to each area of operation. Every employee has some responsibility for making this internal control system function. Therefore, all UTHealth employees need to be aware of the concept and purpose of internal controls. Thus, control is the result of proper planning, organizing, and directing by management.

管理层如何确定需要哪些控件？

管理层应识别和分析每个关键责任领域的风险，然后考虑减轻或限制高风险所需的步骤。此过程称为风险评估。为了评估其运营领域，管理层可以参考A＆AS PAKERED风险评估矩阵的示例对于Uthealth的关键责任领域和相关的良好业务标准。但是，该矩阵不应被视为无所不包和/或详尽无关，既不相对于问责制领域也不是标准。管理层应始终考虑其特定运营领域的特定情况或风险，例如遵守适用的联邦或州法律或内部政策。

由于业务环境不断变化，因此管理层应对风险及其对现有内部控制的影响进行持续的评估。

What is internal audit's function in relation to internal controls?

Internal auditing is an independent appraisal function established within an organization to examine and evaluate the adequacy and effectiveness of the organization's internal control system and its overall quality of performance. Internal auditing furnishes top management with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed.