Annual audit plans are based on a periodic Risk Assessment.
This assessment includes input from
management and staff in identifying risks. Factors considered within the
Risk Assessment include:
- Quality of the Control Environment
Have administrative personnel changes occurred
within the department?
Have major program modifications occured?
Have departmental procedural problems been noted
by the departmental chair/director?
How long since last audit?
Are monthly reconciliations performed on all
departmental revenues and expenditures (compare documents to SAP
- Business Exposure
- How many programs/areas are encompassed within department?
- What is the amount of the total departmental budget?
- What is the amount of total department revenue?
- How many full time employees (FTE) for all programs/areas?
- Public & Political Sensitivity
- How sensitive is the department to bad media publicity?
- How much effect could politics have on meeting departmental
- Compliance Requirements
- Is the department governed by external regulations other than
- Does the department have external audits?
- Degree of Reliance on Information Technology/Reporting
- Are computer systems other than SAP operated within the department?
- Does the department have any external reporting requirements?
- Have procedures been established to backup data files, including
the identification of all critical data files and programs on
work stations and servers?
- Management Concerns: Does management have any specific
concerns regarding meeting departmental goals, fraud, departmental confidentiality,
current operating procedures, etc?