Why me?

Internal audit does not target individuals or departments for audit. We establish an annual audit plan that is based on a number of risk factors, the six primary being:

Ø     The amount and nature of revenue or receipts (the larger your revenue the more likely you are to be audited).

Ø     The potential impact on the university if something goes wrong (will it affect just your department or the university on a wider scale).

Ø     How new a process or activity is, or whether it has undergone major change in the recent past. (startup or change generally creates added risks).

Ø     Regulatory environment for the activity (are there special regulations for your activity and do violations carry heavy penalties).

Ø     Time since last audit and previous findings (the longer it's been since our last visit the higher the likelihood we will be visiting you).

Ø     Public visibility (are you frequently in the public eye?).

Some departments or processes, by the risk they present, will always get more audit attention, while others because of regulatory or legislative action will be audited periodically. If the University experiences problems in a given department or process, it may prompt additional audits until we are convinced no serious exposure exists.