East Carolina University Office of Internal Audit Risk Assessment Preliminary Work



Similar documents
MIAMI UNIVERSITY Internal Audit & Consulting Services Risk Discussion Questionnaire GENERAL INFORMATION

FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund

Periodic risk assessment by internal audit

The PNC Financial Services Group, Inc. Business Continuity Program

2012 Audit Plan. Finance, Audit and Facilities Committee Board of Regents. November 2011 ATTACHMENT

The Advanced Certificate in Performance Audit for International and Public Affairs Management. Workshop Overview

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Audit, Risk and Compliance Committee Charter

Lauren Sundararajan, CFE, Internal Audit Manager

ORGANIZATION-WIDE RISK ASSESSMENT

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

ursouthwestern Medical Center The University of Texas Southwestern Medical Center HIPAA Privacy Program Audit Internal Audit Report 15:20 July 6, 2015

Financial Services Regulatory Commission Antigua and Barbuda Division of Gaming Customer Due Diligence Guidelines for

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Internal Audit Charters

1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of

Statement of responsibilities of auditors and audited bodies: Local authorities, NHS bodies and small authorities.

Comprehensive Risk Assessment and Developing the Audit Plan

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned

UNIVERSITY BOARD SKILLS REVIEW MATRIX Page 1 of 5

REPORT 2016/066 INTERNAL AUDIT DIVISION. Audit of management of technical cooperation projects in the Economic Commission for Africa

Social Networks - Are They Reducing Employee Risk?

Templates: audit and review reports

A Comprehensive Information Technology Risk Assessment Audit Framework for Small- and Medium-Sized Financial Institutions

REGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD.

ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE)

Texas Facilities Commission. Internal Audit Annual Report. Fiscal Year 2015

COMPLIANCE MANAGEMENT SYSTEM

Internal Audit Checklist

Natural Capital what do accountants think?

Fraud Checklist. From the enquiries made and procedures performed in completing Part B of this checklist we consider the risk of irregularities to be

LGMA Qld Governance and Corporate Planning Village Forum

AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC

Internal Audit Division

Cyber Security - What Would a Breach Really Mean for your Business?

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Information Security: Business Assurance Guidelines

Supporting information technology risk management

Office of Internal Audit Risk Assessment and Audit Plan. Internal Audit Team. Stefanie Powell, CPA, CISA Chief Audit Executive

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GUIDELINES INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS PERFORMING FINANCIAL STATEMENT AUDITS OF STATE AGENCIES

STATE BOARD OF COMMUNITY COLLEGES AND OCCUPATIONAL EDUCATION AUDIT COMMITTEE CHARTER

Chapter 5. Planning the Audit Engagement

1. What Is Risk? 3. Perspectives on Risk. Risk Management. 6. Characteristics of Risk Management 7. Advantages of Risk Management

Outsourcing and third party access

Risk Management and Internal Audit Specialized Training Course Audit Risk Assessment Methodology

IFAD Policy on Enterprise Risk Management

Annual Assessment of the External Auditor

Abu Dhabi EHSMS Regulatory Framework (AD EHSMS RF)

September 28, Audit s Role in Governance, Risk Management and Internal Control

Information Commissioner's Office

Table of Contents: Chapter 2 Internal Control

Internal Audit and Advisory Services DRAFT

JAMAL EL-HINDI DEPUTY DIRECTOR FINANCIAL CRIMES ENFORCEMENT NETWORK

Exposure Draft: Improving the Structure of the Code of Ethics for Professional Accountants Phase 1

MARKET CONDUCT ASSESSMENT REPORT

OF CPAB INSPECTION FINDINGS

INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT.

International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, New York USA

Achieve. Performance objectives

GENERIC STANDARDS CUSTOMER RELATIONSHIPS FURTHER EXCELLENCE CUSTOMISED SOLUTIONS INDUSTRY STANDARDS TRAINING SERVICES THE ROUTE TO

TRANSFERRING INTERNAL CONTROL KNOWLEDGE FROM LEGISLATION TO SCHOOL MANAGEMENT: THE CASE OF SLOVENIA

July 6, Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263

Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration

2016-AP-0001 Fiscal Year 2016 Annual Risk Assessment and Audit Plan

How to gather and evaluate information

October 20, Sincerely. Anthony Chavez, CIA, CGAP, CRMA Director, Internal Audit Division

CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT

Seattle Public Schools The Office of Internal Audit

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Risk Management Basics - ISO Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

CORPORATE CODE OF ETHICS. Codes of corporate ethics normally have features including:

Annual Risk Assessment and Audit Plan Fiscal Year 2015/2016

Audit Manual PART TWO SYSTEM BASED AUDIT

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

4.1 Identify what is working well and what needs adjustment Outline broad strategies that will help to effect these adjustments.

Major IT Projects: Continue Expanding Oversight and Strengthen Accountability

PRACTICE ADVISORIES FOR INTERNAL AUDIT

Risk Management Policy

RISK MANAGEMENT AND COMPLIANCE

States of Jersey Comptroller & Auditor General

Plan for the audit of the 2011 financial statements

Department of Motor Vehicles

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

INCORPORATING FRAUD RISK ASSESSMENTS INTO FEDERAL GOVERNMENT INTERNAL AUDIT ACTIVITIES PRESENTATION BY CHERILYN MONTMINY

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

Internal Controls Compliance Office of Business Affairs

Credit Reference Agencies Call for information

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.

Operational Risk Publication Date: May Operational Risk... 3

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

Preparing for the HIPAA Security Rule

SWOT Analysis. Ronald Quincy, Shuang Lu, and Chien-Chung Huang. Raising Capacity of Your Organization

SESSION 3 AUDIT PLANNING

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

1Steps to a Successful Core Vendor Evaluation & Selection

Transcription:

Risk Assessment Preliminary Work Attch: 1-A Date: Name: Area of Responsibility: Prior to meeting with your units gather and review the following information: 1. Review unit s website. Note anything of significance or print any materials you deem relevant. List http address of website. 2. Review unit s strategic plan. Attach a copy. 3. Obtain organizational chart if applicable. 4. Review risk assessment completed last year. (May not be one) 5. Review audits performed for this unit. (For this time gather all audit history for this unit). List date of audits, whether it was management requested, # of findings, outstanding findings, whether fraud or abuse issue for all audits. 6. Obtain units revenue and expenditure information. (Director will provide to you.) 7. Other comments. Page 1 of 1

Risk Assessment Subjective Criteria Attch: 1-B Introduction Universities have had to learn to do more with less. There are many drivers that are transforming today s higher education environment. Besides the academic mission, Universities are also faced with corporate governance and accountability issues, which have been driven by current events and legislation. To effectively manage today s changing University environment, academic leaders must be cognizant of these drivers and the risks that accompany them and create a risk-conscious climate. In partnering with management to create a risk-conscious climate, the Office of Internal Audit has developed and implemented risk-based engagement plans. This will ensure that our priorities are focused on those areas where risks and materiality of exposure is greatest. The development of a risk-based engagement plan includes defining an auditable unit, establishing the audit universe, establishing the risk criteria, constructing the risk model, and ranking the audit universe. We are basing the establishment of East Carolina University s audit universe and risk framework on the models listed below. Audit Universe Model: Teaching Research Patient Care Facilities Student Life Finance Information Technology Human Resources Risk Framework Model: Higher Education Business Risks: Strategic Goals of the institution Financial Safeguarding assets Operational Processes that achieve goals Compliance Laws and regulations Reputational Public image Page 1 of 3

Risk Assessment Subjective Criteria Attch: 1-B Please consider the models on the previous page when identifying processes and risks. Planning Date: Name: Area of Responsibility: Please answer the following questions: 1. What are the main goals and objectives of this unit? 2. What recent events have occurred in this unit (e.g. new degrees, centers, change in management, turnover of staff) 3. What are some of the areas of risk that your unit is facing? In other words, what exposures do you have that could potentially pose a threat or disruption to your research/business/academic programs? What keeps you up at night when you think what could go wrong? Consider these in the various areas (not limited to) financial risks, human resources, technological, students, legal and regulatory compliance, public relations or political risk, changes in units (reorganization, turnover). 4. What is the likelihood these will happen and the impact if they do? 5. What do you have in place to manage and deal with these risks? 6. What is the worst thing that has already happened in your unit? 7. Based on the goals and objectives of the unit, what obstacles do you face that could affect or keep you from achieving your goals and objectives (e.g. resources, priority of project, support from management)? 8. How do you measure your performance? Have you obtained the desired outcome in recent years? 9. What other units do you depend on to achieve your objectives? Do you feel you receive the information and support you need from these units? If not, please explain why and the difficulties you have encountered. 10. Who are your key stakeholders or external constituents (e.g. donors, legislatures?) 11. List any reviews that have been conducted in your area of responsibility either internally or by external auditors and/or consultants. Get a copy of any reports that were issued as a result of the review. 12. Are there any particular areas within your unit or on campus which you currently have a concern about? If so, please explain. List any areas or concerns that you would like reviewed by Internal Audit. Page 2 of 3

Risk Assessment Subjective Criteria Attch: 1-B 13. List any areas in which you are aware of fraud and abuse and describe the nature of the fraud and abuse. 14. What unique systems do you have and how critical are they to the functioning of your unit? Have you had any performance issues? Who supports these systems? Do you have any systems that contain confidential or critical information such as patient, student, or employee information (eg. social security numbers, etc.) 15. Is IA meeting the expectations of your unit? What benefits has your unit received from IA? Do you feel comfortable calling IA with a problem or concern? 16. List any training with regard to internal control and fraud awareness that Internal Audit can provide to your area. Additional comments: Page 3 of 3

Risk Assessment Objective Criteria Attch: 1-C Unit/Major Process: Name: Date: 1 Criticality of Unit 20% Measuring What? Criticality of the unit to the proper functioning of the University. Questions to Consider: What happens if the unit is unable to provide its service to the University within the required time frames or at the normally expected level? What would be the impact of the unit not providing its 2 Internal Control 20% Measuring What? Questions to Consider: 3 Public or Political Sensitivity 20% Measuring What? Questions to Consider: service to the University at all? No impact The University could still function for an extended period of time. The University could only function for a short period of time. The University would be negatively impacted and might not be able to function. The quality of the internal control environment based on results of prior audit work, general observations, and/or other interactions (e.g. department heads, business officers). Is the internal control environment sufficient to ensure that controls are in place and working effectively? Is there oversight by an internal or external entity that represents an effective control for the unit? No weakness in controls. Minor weaknesses in controls. Major weaknesses in controls. Controls have not been evaluated. The sensitivity of the unit to public exposure of any internal issues and the level of public embarrassment that could be caused to the University as a whole. What would be the impact to the University if negative information about the unit was made public in some way? How dependent is this unit on external constituents (e.g. Legislature, Federal agencies) No impact. Some impact. High impact. Page 1 of 2

Risk Assessment Objective Criteria Attch: 1-C 4 Legal and Governance 20% Measuring What? The exposure to potential litigation and/or compliance with required laws, policies, etc. Questions to Consider: Is there any current or potential litigation? What outside entities, policies, etc. (e.g. Federal, EPA, OSHA) are you governed by or required to comply with? No current or potential litigation and no outside governance. Potential litigation and/or minimal required compliance with outside entities. Current litigation and/or excessive required compliance with outside entities. 5 Change in Management or Organizational Structure 15% Measuring What? The amount of change in the structure of the unit. Questions to Consider: Has there been a recent reorganization of the personnel or the processes in the unit? Have there been management or key personnel changes? Has there been unusually high turnover for the size of the group and the nature of the work? No changes. Some turnover but no change in management or key personnel. Excessive turnover and/or change in management by key personnel. 6 Financial Impact 5% Measuring What? Overall annual budget for unit (from State and other funding sources). Questions to Consider: If there was misuse of funds or something went wrong financially, what would be the impact to the University from a financial perspective? Small = <$5 Million Medium = $5 - $25 Million Large => $25 Million Page 2 of 2

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information