The Internal Audit Department uses a comprehensive risk assessment model
to develop a long-range audit plan. This model allows all areas of the University
to be evaluated using uniform criteria. Factors and weights used to assess
and score each potential audit area include such items as: financial statistics;
complexity of operations; interaction with other areas of the University or
outside parties; consequences of errors or omissions; and the impact of negative
publicity. A risk assessment and development of a new long-range plan is done
once every five years.
In performing this project, we will use data from University information
systems and publications and conduct limited inquiry with staff and management
in key operating areas.
The scores from the risk assessment, staff resources available, and management
input are used to develop a long-range audit plan and annual work schedules.
The long-range plan covers a four-year time frame and includes blocks of time
for routine audits, special projects (those requested by management or involving
allegations of misuse), and administrative functions such as staff training
Our goal is to provide the most comprehensive, beneficial audit services
to the University. However, since staff resources are limited, we cannot provide
coverage to all areas. Therefore, hours for routine audits will be allotted
first to sensitive areas and areas determined to have the greatest significance
to the University. Routine audits will be scheduled for lower risk areas as
time permits or may be addressed through special projects.
Work schedules will be updated annually to allow for changes in the University’s
To extent possible, the timing of routine audits and special projects will
accommodate daily operations as well as "busy seasons" in departments
that have variable work loads.