Risk Assessment Process
Risk assessment is the identification and analysis of relevant risks to the achievement of an organization's objectives, for the purpose of determining how those risks should be managed.
During the risk assessment process, Internal Auditing identifies and assesses both the likelihood and potential impact of various risks to the organization. Internal controls are then identified and evaluated to determine how adequate they are in reducing risk to ensure that residual risk is at manageable levels. Residual risk is the risk that something will occur after controls or procedures are implemented to prevent it. In addition to audits required by state regulations, those activities or functions with higher levels of residual risk are typically selected for audits.
Developing the Audit Plan:
The WIU Office of Internal Auditing develops the annual audit plan using a risk-based approach. The annual risk assessment process occurs in late spring or early summer to facilitate the development of a two-year audit plan. Internal Auditing conducts the risk assessment process through discussions with management; review and analysis of budgets and proposed programs; and a systematic evaluation of risk factors covering the functional and organizational units of the University. Based upon the results of the risk analysis, a proposed audit plan is presented to the Senior Executive Cabinet for their review and approval. Upon consensus by the Cabinet, the audit plan is submitted to the University President for approval. Next, the audit plan is presented to the University Board of Trustees Audit Committee for their review and approval. The two-year plan is updated annually and may be modified as unplanned issues of potential risk are identified throughout the year. The plan is required to be completed before June 30th of each year for the next two fiscal year periods.