Risk Assessment Questionnaire




Department/Area Name:
This Department Reports to:
Person completing survey:

Briefly describe the department or area, its major activities and functions.

Critical Measures:

Current Number of FTEs employed in the department:

Last Three Years Total Budget Amount (All Accounts):

                                                 FY 2009-10    FY 2008-09    FY 2007-08
Total Budget
Operating Budget (Total Budget minus Payroll)

Revenues and Assets

Does the Department/Area have revenues (Funds or receipts not provided as part of the budget appropriation process - cash, check, credit card, etc.)? If so, please give the approximate yearly amount:
Yes. Description: Approximate Amount:

Does the Department/Area have a Petty Cash Fund? If so, what is the amount and purpose of the fund?
Yes. Amount: Purpose:

Does the Department/Area have inventories of any kind? If so, please describe the inventory in general terms and give an approximate value.
Yes. Description: Approximate Amount:

Does the Department currently have grants?
Yes. List of Grants:

***********************************

For the remainder of the questions, please check whichever alternative best describes your department (1, 2, or 3).

Growth of Auditable Unit
Indicate whether there has been growth in your department in numbers of activities or budget during the past 12 months.
1. The unit has experienced no growth or has shrunk in size.
2. The unit has experienced less than 10% growth.
3. The unit has experienced more than 10% growth.

Policies and Procedures
In regard to departmental policies and detailed procedures to support the policies, indicate whether:
1. Policies have been in place for over three years, with no major changes made. Written procedures which support the policies are in place.
2. Policies are in place; however, employees are not always familiar with the policies and adherence to procedures is not always enforced.
3. No written policies are in place.

Regulation/Compliance
To what extent is your department/area governed or impacted by Federal or State regulation?
1. Department is not affected or is minimally affected by Federal and/or State regulations.
2. Department is moderately affected by Federal and/or State regulations.
3. Department is heavily regulated by Federal and/or State regulations.

Information Technology Changes
What level of impact does Information Technology (IT) have on your department?
1. There have been no new IT changes during the past 12 months and/or IT has little impact on this department.
2. Some changes have been made to the IT environment and/or IT significantly affects this function.
3. The IT environment has changed or been replaced. The IT environment affects nearly all aspects of this function.

Departmental Changes
Have there been any significant changes in staff size, funding, functions, systems, key positions and/or responsibilities of the department which might have created problems?
1. No significant changes have occurred during the last 3 years.
2. Funding, staffing and/or responsibilities have changed moderately during the last 3 years.
3. Continuous and large-scale changes have been made to the department.

Management/Employee Turnover
Regarding management or employment turnover in your department during the past 3 years:
1. No turnover in key management or staff.
2. Limited turnover in key management or staff.
3. Major turnover in key management or staff.

Quality of Management
How would you rate your department's management skills?
1. Management is able to be responsive and copes successfully with existing and foreseeable problems. As issues arise, they are immediately addressed and corrected.
2. Management is not always able to be responsive to issues as they arise but generally has a satisfactory record of performance.
3. Management frequently is not able to be responsive to issues that arise, for whatever reason.

Management Override
To what degree can management of this department supersede the policies established for this particular activity?
1. Complete inability to circumvent controls.
2. Capability to override some controls without detection.
3. Capability to override the majority or all of the controls without detection.

Training
Please indicate the status of training in your department.
1. Training is provided at least annually to all applicable employees, and there are discussions with employees to confirm that training is adequate.
2. Some training is being provided to applicable employees; however, additional training is needed.
3. Very little training is being provided, and the adequacy of the training is not effective.

Date of Last Audit
When was the last time that your department was reviewed by either internal audit or external auditors (KPMG) as part of the financial audit or A-133 audit?
1. Reviewed by either internal or external auditor within the last 2 years.
2. Last review by internal or external auditors was conducted 3 to 5 years ago.
3. Last review by internal or external auditors was completed over 5 years ago.

Controls and Prior Exceptions
If your department had either an internal audit or was part of the external audit, what kind of findings or exceptions were there?
1. Only minor exceptions were noted in the department's activities and they have been addressed.
2. Some minor to moderate exceptions have occurred causing some control concerns.
3. Significant exceptions have been revealed during past audits.

Degree of Dependence
Describe the number of University organization units supported by the department:
1. The department/area does not serve other organizational units, or at most one other organization unit. Department is mostly self-contained.
2. Department serves limited informational needs of several dependent organizations within the University.
3. Department meets full and very complex informational needs of numerous dependent organizations within the University.

Impact of Inaccurate Data
What would be the relative effect of inaccurate data to the department's capability to provide internal or external service?
1. Incorrect or inaccurate information generated by the department would have little or no impact on the operations of the University.
2. Incorrect or inaccurate information generated by the department has a moderate impact on the operations of the University.
3. Incorrect or inaccurate information generated by the department activity has a serious impact on the operations of the University.

Degree of Confidentiality
What is the degree of confidentiality of the information produced or handled by the department?
1. Information produced by the department is not confidential and is generally available to the public, the release of which would not result in any potential loss or embarrassment to the University.
2. Information produced by the department is available to designated employees of the University in connection with their jobs. Release to the public or to an unauthorized entity could result in minor financial loss or moderate embarrassment or violation of an individual's privacy.
3. Information produced by the department requires protection against unauthorized or premature disclosure. Such disclosure could result in serious loss or embarrassment or could adversely affect the department, the University or the subject of the information.

Instances of Abuse
Have there been any instances of fraud, computer abuse, or data loss for this department?
1. No instances of "known" fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls are in place and effective.
2. Instances of "known" fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls that were lacking have been installed and are being monitored for effectiveness.
3. Instances of "known" fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls have not been strengthened.

Desirability of Inventory
Do you have any departmental inventory (not fixed assets or equipment) or specialized inventory such as controlled substances, hazardous wastes, or precious metals?
1. Inventories are valued at low dollar amounts and do not include specialized items, or there is no inventory.
2. Inventories are at relatively moderate dollar amounts and do not include specialized items.
3. Inventories are valued at high dollar amounts or include specialized items, such as hazardous wastes. (Please indicate which.)

Complexity of Operations
Are assignments or transactions managed by your department inherently complex? Do assignments or transactions require a significant amount of time or number of steps to complete? Are work tasks difficult, requiring a high degree of interpersonal coordination and/or extensive training?
1. The department's/area's instruction's operations are relatively simple.
2. Assignments or transactions require several persons or steps, are somewhat time consuming, and require moderate training.
3. Assignments or transactions require several persons or steps, are very time consuming, and require extensive training.

Interest to Outside Parties
Do you routinely have communication with outside parties such as: legislators, news media, citizen groups, or agency personnel?
1. Outside parties have shown no or very little interest in the area.
2. Outside parties have shown a moderate interest in the area.
3. Outside parties have shown a major interest in the area.

Handling of Cash
To what extent does your department handle cash?
1. Does not handle any cash, checks, or credit card payments.
2. There is limited activity with cash, checks or credit card receipts or potential for access to them.
3. The handling of cash, checks, and credit card payments is a major part of the department's responsibilities.

Do you have any specific areas of issue/concern that you would like to discuss with Internal Audit?