Why Me?
Internal audit does not target individuals or departments for audit. We
establish an annual audit plan that is based on a number of risk
factors, the six primary being:
- The amount and nature of revenue or receipts (the larger your
revenue the more likely you are to be audited).
- The potential impact on the university if something goes wrong
(will it affect just your department or the university on a wider
scale).
- How new a process or activity is, or whether it has undergone
major change in the recent past. (startup or change generally
creates added risks).
- Regulatory environment for the activity (are there special
regulations for your activity and do violations carry heavy
penalties).
- Time since last audit and previous findings (the longer it's
been since our last visit the higher the likelihood we will be
visiting you).
Some departments or processes, by the risk they present, will always get
more audit attention, while others because of regulatory or legislative
action will be audited periodically. If the University experiences
problems in a given department or process, it may prompt additional
audits until we are convinced no serious exposure exists.
