A risk assessment of all units in the University (academic, administrative, research and ancillary) is performed annually.
The risk assessment encompasses a number of factors including: professional judgment; discussions with senior management; a review of the nature of the operation; external or internal factors that might affect the risk; the volume of transactions; the complexity of the systems.
A weighted risk score is assigned, and this, along with professional judgment, is used to rank the priority of departmental audits.
An audit plan is developed.
The Audit Committee of the Board of Trustees approves the audit plan annually.
NOTE: As the University considers adopting an Enterprise Risk Management process, the above risk assessment process will change.