Risk Assessment
The purpose of the risk assessment is to develop an audit plan for performing audit projects in risk areas over a specified time in order to:
• minimize the risk of losses to the College
• prioritize audit projects by the level of risk
• utilize audit staff and time in an effective and efficient manner
• determine the nature, timing, and extent of audit steps and procedures in direct relation to the amount and nature of the risk
The risk assessment consists of three phases:
- Identify auditable entities
We review the College structure to identify administrative and academic units. We evaluate organizational charts and financial information in order to determine how to organize the units into auditable entities. We also identify processes which apply to all departments such as payroll, purchasing, etc. - Risk Assessment Questionnaire
Utilizing a standardized questionnaire we obtain information about each of the College’s auditable units. - Analyze information and develop a risk matrix
We utilize responses to the questionnaire to rate each entity based on eleven risk factors, which are given a weighted percentage value. The risk factors include:
1. Quality of internal controls (20%)
2. Financial Impact (10%)
3. Frequency/Complexity/Volume of Transactions (10%)
4. Regulatory/Legal Impact (10%)
5. Changes in Area/Management/Systems or Business Processes (10%)
6. Competency of Management/Staff (10%)
7. Opportunity of Fraudulent Activity/Waster or Abuse (10%)
8. College Image/ Reputation or Market / Participant / Customer Impact (5%)
9. Time Since Last Audit (5%)
10. Last Audit Results (5%)
11. Management Discretion (5%)
The risk factors for a given audit unit are assigned weights from 1 (less significant) to 5 (more significant) based on the weighted scale. The weighted sum determines the total risk score for each entity.
Audit projects are scheduled based on the highest risk entities and the available internal audit resources. The risk assessment is updated annually as part of the audit planning process.
