Risk Assessment Process
In accordance with the Institute of Internal Auditors, Standards for the Professional Practice of Internal Auditing, our audits are based on an on-going risk assessment process, which begins with the identification and refinement of the audit population. The audit population typically includes:
- Organizational units, such as colleges, departments, divisions or decentralized offices; and
- Transaction cycles or university-wide systems that affect multiple organizational units, such as payroll, procurement, hiring, purchase cards, cash receipting, reporting, etc.
To assist us with identification of the audit population and assignment of risk and audit priorities, Internal Audit annually seeks input from university management across campus, the State Board of Education, internal audit directors of other Idaho universities and external auditors.
The risk of financial loss, negative changes in financial position, negative response from external regulators such as the SBOE, bond rating agencies, grantors, etc.
The risk that processes and disclosures may not comply with laws and regulations resulting in monetary and non-monetary penalties and increased oversight by regulators.
A measure of the potential impact to the university’s positive image and credibility.
The risk of lost productivity, inefficiency and disruption to services as a result of inadequate or failed internal processes, people and systems, or from external events.
The risk of limiting, obstructing or delaying the achievement of the university's mission and goals.