Idaho State University

• Academics
• Prospective Students
• Current Students
• Faculty & Staff
• Alumni & Visitors

• Auditing Services Home
• About Us
  • Auditing Services Charter
  • Audit Staff
  • Consultative Services
  • Presentations
  • Frequently Asked Questions
• Audit Process
  • Types of Audits
  • Risk Assessment
  • Steps of an Audit
• Report Misconduct
  • What to Report
  • How to Report
• Policies
  • Faculty/Staff Handbook
  • State Board of Education
  • State of Idaho Administrative Rules
  • State of Idaho Statutes
  • State of Idaho Board of Examiners
  • State of Idaho Fiscal Policy Manual
  • Purchase Cards
  • Exempt Student Organizations
• Department Links
  • Affirmative Action
  • Finance & Administration
  • Budget Office
  • General Counsel
  • Human Resources
  • Information Technology
  • Public Safety
  • Purchasing Services
• Staff Resources
  • Student Homepage
  • Webmail
  • Faculty/Staff Tools
  • Barracuda Spam Firewall
  • Sun Java System Calendar Express (MyCalendar)
• Documents and Forms

 

 

 

Stop 8219
Administration Room 310
Phone: (208) 282-3182
Fax: (208) 282-4682

 

Risk Assessment

The purpose of the risk assessment is to develop an audit plan for performing audit projects in risk areas over a specified time in order to:

• minimize the risk of losses to the University
• prioritize audit projects by the level of risk
• utilize audit staff and time in an effective and efficient manner
• determine the nature, timing, and extent of audit steps and procedures in direct relation to the amount and nature of the risk

The risk assessment consists of three phases:

Identify auditable entities

We review the University structure to identify academic and administrative units.  We evaluate organizational charts and financial information in order to determine how to organize the units into auditable entities.  We also identify processes which apply to all departments such as payroll, meals and entertainment.

Conduct interviews

We interview the director, chair or manager of each auditable entity utilizing a standardized questionnaire. Some interviews cover multiple entities as certain individuals oversee multiple departments or functions. 

Analyze information and develop a risk matrix

After completing each interview, we utilize responses to the questionnaire to rate each entity based on twelve risk factors.  We also analyze financial information and research applicable policies and regulations.  The risk factors include:

1. Dollar volume and number of transactions
2. Quality of internal controls
3. Executive management interest
4. Results of prior audits
5. Changes in personnel, procedures, regulations, or systems
6. Complexity of activity
7. Public and political sensitivity
8. Time since last audit (internal or external)
9. Deviations from budget or plan
10. Compliance with SBOE/Institution policies and procedures, laws, and regulations
11. Audit required by regulatory agencies
12. Inherent risk of misappropriation of assets – cash, equipment, etc.

The risk factors for a given entity are assigned weights from 1 (less significant) to 5 (more significant) based on a standardized rating scale.  The sum of the weights determine the total risk score for each entity.

Audit projects are scheduled based on the highest risk entities. The risk assessment is updated annually as part of the audit planning process.