8:00 - 9:00
Continental Breakfast
9:00 - 9:10
Welcome and Opening Remarks from the Chair
John Lark, Risk Practice Manager, Stratos Inc, former Director of Integrated Risk Management, Audit and Evaluation at Fisheries and Oceans Canada
9:10 - 10:10
Leading Practices in Risk Management: A Case-Study Approach
Kaval Pannu, Senior Manager, Enterprise Risk Services, Deloitte and Touche LLP
Duncan Geddes, Manager, Enterprise Risk Services, Deloitte and Touche LLP
- Tried-and-true plans and methods: some of the best practices
- Examining U.K. public sector risk management practices and their effectiveness
- How you can apply these practices in your department
- Tools and frameworks for managing risk
10:10 - 10:30
Networking Break
10:30 - 11:30
New Tools and Techniques for Accountability and Managing Risk
Tracy Dallaire, Acting Manager, Risk and Assurance, Ontario Internal Audit Division, Treasury Board of Ontario (TBO), Ministry of Finance
- Mystery shoppers in Ontario
- Transfer payments recipients
- Fraud-leased audits
11:30 - 12:30
The New ISO 31000 Standard for Risk Management (out in 2009)
Dr. John Shortreed, Institute for Risk Research, University of Waterloo; Member of ISO 31000 Working Group; Member of CSA Committee on Risk Management
- What is included in the next-to-final draft of ISO 31000
- The benefits of adopting the ISO 31000 risk management standard
- How to implement ISO 31000 risk management in your organization
1:45 - 2:45
The Top Down Risk Based Approach to Internal Control Design
Stuart Hartley, FCA, President, FocusROI
There has been a lot of criticism expressed over the cost of compliance with the CEO and CFO certification requirements
in the United States and Canada. Revised requirements that came into effect in 2007 are principle-based and require a risk-based
approach. This session provides an overview of what has changed and how the principles can apply in the public sector.
- What is "top down" and "risk based"?
- What's changed in internal control certification?
- Use of frameworks such as the COSO ERM model
- Entity level and IT general controls
2:45 - 3:00
Networking Break
3:00 - 4:00
Understanding, Managing and Integrating your Privacy Risks
Alain Rocan, Senior Manager, Enterprise Risk Services, Deloitte and Touche LLP
While awareness of privacy risks has steadily increased in recent
years, comprehensive privacy risk management programs are still not as
widespread as one would expect. When privacy programs do exist, they
are often not well integrated into broader risk management programs.
- Types of privacy risks most often seen in the public sector
- Best practices for managing privacy risks
- How should privacy risks be accounted for in an overall risk management program?
4:00 - 5:00
Identifying Fraud Risk
Marcus Guenther, Vice-President, FocusROI
Fraud and misconduct undermine public trust and confidence in
government departments and agencies. As a result of highly publicized
corporate scandals, a lot of attention has been directed towards developing
effective anti-fraud policies and procedures. This session focuses
on how to identify areas that are susceptible to fraud, the development
of possible
- Understanding the nature of fraud risks
- Who commits fraud: the fraud triangle
- Control environment: tone at the top
- Design of anti-fraud programs and controls
- Top-down risk-based approach to control evaluation
- Testing fraud controls, such as the whistle-blowing policy