RISK ASSESSMENT

Annual audit plans are based on a periodic Risk Assessment. This assessment includes input from management and staff in identifying risks. Factors considered within the Risk Assessment include:

•   Quality of the Control Environment
• Have administrative personnel changes occurred within the department?
• Have major program modifications occured?
• Have departmental procedural problems been noted by the departmental chair/director?
• How long since last audit?
• Are monthly reconciliations performed on all departmental revenues and expenditures (compare documents to SAP postings)?
  
  
• Business Exposure
  • How many programs/areas are encompassed within department?
  • What is the amount of the total departmental budget?
  • What is the amount of total department revenue?
  • How many full time employees (FTE) for all programs/areas?


• Public & Political Sensitivity
  • How sensitive is the department to bad media publicity?
  • How much effect could politics have on meeting departmental goals?


• Compliance Requirements
  • Is the department governed by external regulations other than state law?
  • Does the department have external audits?


• Degree of Reliance on Information Technology/Reporting
  • Are computer systems other than SAP operated within the department?
  • Does the department have any external reporting requirements?
  • Have procedures been established to backup data files, including the identification of all critical data files and programs on work stations and servers?


• Management Concerns: Does management have any specific concerns regarding meeting departmental goals, fraud, departmental confidentiality, current operating procedures, etc?