University Audits partners with university leadership to identify areas of risk and works collaboratively with schools, colleges, and units to improve processes and support the overall control environment of the university.
On an annual basis, University Audits develops an audit plan based on:
- input from university leaders
- benchmarking with other universities and institutions
- prior years audit results
- audit team input
- audit client survey results
- data analysis
- Industry trends
- coverage (ensuring Dearborn and Flint risks/concerns are addressed)
Risks are ranked based on:
- general controls
- occurrence of change
- information technology
- asset management
- regulatory compliance
- complexity of operation
- reputational risk
In addition to assessment of identified risks, University Audits considers areas that have not been previously audited to achieve comprehensive and balanced audit coverage across all three campuses of the university and Michigan Medicine. The audit plan is also balanced by audit type: process, compliance, information technology. Time is allotted in the plan for management requests and compliance hotline complaint investigations.
Because the university operates in a dynamic environment, University Audits refreshes the risk assessment at mid-year and makes modifications to the plan when they are warranted.