Risk Assessment
The comprehensive risk assessment is a process by which the President, the
Executive Team, and the Director of Internal Audit collectively identify
areas with significant risk exposure. They continuously review and
update the risk assessment process to ensure that all the risks of the
College's business are assessed and to identify the parties responsible
for managing them.
Prior to assessing the identified risks, the President, the Executive Team,
and the Director of Internal Audit use their expertise, knowledge, and
personal judgment when analyzing and discussing the following risk
factors and components:
- Large dollar amounts or transactions with a major impact on the College's
operations. They can be measured in a number of ways, including dollar
amounts and number of transactions.
- Areas with weak control systems. Efficiency of control systems can be
measured in a number of ways, including a considerable rate of errors,
weak authorization control, non-existence of either internal controls
or written procedures, weak communication processes, weak coordination
processes, lack of training, inefficiency of reporting processes, and
new personnel who may have a different focus or understanding of internal
controls.
- Changes in the regulatory or operating environment.
- Frequent employee turnover or procedure changes.
- Complexity affects the potential for error or misappropriation
to go undetected. It could be characterized by factors including
the degree and the extent of automation.
- Adverse publicity or legal liability associated with the audit area.
- Likelihood of a risk. It can be measured by the probability of its
occurrence and the potential impact on the College.
Types of Audits
- Financial Audits address questions
of accounting and reporting of financial transactions, including
commitments, authorizations, and receipt and disbursement of funds.
The purpose is to verify that there are sufficient controls over
cash and cash-like assets and that there are adequate process
controls over the acquisition and use of resources.
- Compliance Audits determine the degree
of a unit's adherence to laws, regulations, policies, and procedures.
Recommendations often call for improvements in processes and controls
intended to ensure compliance with regulations and the College's policies.
- Operational Audits, sometimes called
program or performance audits, examine the use of unit resources
to evaluate whether those resources are being used in the most efficient
and effective ways to fulfill the unit's mission and objectives.
An operational audit includes elements of a compliance audit, a
financial audit, and an IS audit.
- Administrative Internal Control Reviews
focus on the departmental-level activities that are components of
the College's major business activities. Areas such as payroll and
benefits, cash handling, inventory and equipment and their physical
security, grants and contracts, and financial reporting are usually
subject to review.
- Investigative Audits are performed
when appropriate. These audits focus on alleged civil or criminal
violations of State or Federal laws or violations of the College's policies
and procedures that may result in prosecution or disciplinary action.
Fraud, internal theft, use of the College's resources for personal gain,
and conflicts of interest are examples of reasons for investigative
audits.
Annual Audit Plan
Areas identified in the risk assessment process as having higher
exposure to risks are prioritized and included in an annual audit plan,
according to which the Internal Audit Office conducts its audits. The
President approves the annual audit plan, which is prepared on a one-year
basis. The annual audit plan outlines the areas of higher risk, the audit
objectives, the audit scope of work, and the estimated number of direct
audit hours for audit completion.