How are departments selected for an audit?

Areas are selected for internal audit based upon an assessment of risk. Risk can take various forms such as loss of assets, loss of receipts, inappropriate payment of expenses, failure to properly record transactions accurately, errors or omissions (either accidental or intentional), or failure to follow established policies and procedures. Those areas with a high degree of expected risk are subject to more frequent audit.

Some audits are required by governmental agencies or other outside entities and may be performed annually. Other audits are discretionary and involve departmental, operational, or process reviews. These reviews are scheduled in consultation with management. The Internal Auditor prioritizes internal audit work based on the following factors:

Ø     Assessment of the risk

Ø     Management referrals - feedback from deans, directors, or department heads (audit requests are solicited continually)

Ø     Significant organizational policy or procedural changes

Ø     Information system installation or modification

Ø     Changes in funding agency policies