University Audits partners with University leadership to identify areas of risk and works collaboratively with schools, colleges, and units to improve processes and support the overall control environment of the University.
On a periodic basis, University Audits develops an audit plan based on:
- interviews with University leaders
- benchmarking with other universities and institutions
- prior years audit results
- staff input
- data analysis
Risks are ranked based on:
- general controls
- occurrence of change
- information technology
- asset management
- regulatory compliance
- complexity of operation
- reputational risk
In addition to assessment of identified risks, University Audits considers areas that have not been previously audited to achieve comprehensive and balanced audit coverage across all three campuses of the University and the hospital and health system. The audit plan is also balanced by audit type: operational, fiscal responsibility, process, compliance, information technology. There is time allotted in the plan for management requests and investigations.
Since the University operates in a dynamic environment, University Audits refreshes the risk assessment at mid-year and assesses whether modifications to the plan are warranted.