Tip of the Month
November and December 2015
The Institute of Internal Auditors (IIA) articulated a model for a rigorous and efficient approach to discussing risk and control in The Three Lines of Defense in Effective Risk Management and Control, a position paper dated January 2013. This model clarifies essential roles and duties.
- The First Line of Defense: Operational Management
- The Second Line of Defense: Risk Management and Compliance Functions
- The Third Line of Defense: Internal Audit
Source: IIA Position Paper, The Three Lines of Defense in Effective Risk Management and Control, January 2013
Education & Training
Risks are those uncertainties that we must understand and manage in order for each of us to execute strategies and achieve our objectives and goals. Limited resources must be applied in a manner that achieves our strategic objectives and manages the risks that may stand in the way of that achievement. This is the domain of Enterprise Risk Management (ERM). The foundation for any ERM program is the COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM Framework, which may be viewed at the following site.
Internal Audit Staff are available at your request to provide training on internal controls, proper segregation of duties, information system internal controls, etc. Please contact the Internal Audit Office, email@example.com or firstname.lastname@example.org to discuss your training needs. The training agenda will be coordinated with you to ensure your training objectives are met.
Thefts may result from internal misappropriations or external events such as a robbery. Always remember that unnecessary risk should never be taken -- items in homes, offices, cars, etc. can be replaced. You can't!
Guidelines in the Event of Suspected Internal Theft
The responsibility for protecting University assets is shared by everyone. It is your responsibility to report suspected theft, negligence, misappropriations or carelessness to your Supervisor, Internal Audit, or Campus Police. Be alert and recognize control weaknesses that could result in a loss to the University. It is always better to prevent a loss than to recover one.
Guidelines in the Event of a Robbery
For detailed guidelines refer to the Purdue University Cash Handling Manual. A copy of this document should be on file with your Business Office or may be obtained from the Manager of University Collections. Remember that unnecessary risk should never be taken.
Remain calm and call 911 as soon as possible.
The "do's" for defusing situations are (1) do have a plan, (2) do be aware of warning signals, (3) do intervene early, and (4) do use calming techniques. The "don'ts" to remember are (1) don't sacrifice yourself for things, (2) don't put your hand unexpectedly on a disturbed or upset person, (3) don't challenge, dare, argue, or threaten the person, and (4) don't use derogatory terms or talk as if he/she isn't there.