In accordance with the Institute of Internal Auditors, Standards for the Professional Practice of Internal Auditing, our audits are based on an on-going risk assessment process, which begins with the identification and refinement of the audit population. The audit population typically includes:
- Organizational units, such as colleges, departments, divisions or decentralized offices; and
- Transaction cycles or university-wide systems that affect multiple organizational units, such as payroll, procurement, hiring, purchase cards, cash receipting, reporting, etc.
To assist us with identification of the audit population and assignment of risk and audit priorities, Internal Audit annually seeks input from University management across campus, the State Board of Education, internal audit directors of other Idaho universities, and external auditors.
Financial Risk – The risk of financial loss, negative changes in financial position, negative response from external regulators such as the SBOE, bond rating agencies, grantors, etc.
Compliance Risk – The risk that processes and disclosures may not comply with laws and regulations resulting in monetary and non-monetary penalties and increased oversight by regulators.
Reputation Risk – A measure of the potential impact to the University’s positive image and credibility.
Operational Risk - The risk of lost productivity, inefficiency, and disruption to services as a result of inadequate or failed internal processes, people and systems, or from external events.
Strategic – The risk of limiting, obstructing, or delaying the achievement of the University's mission and goals.