Why was my Department Selected for Review?
Each year, Internal Audit management develops an Annual Audit Plan based upon a risk analysis of organizational units and business functions of the University. The analysis factors a combination of risk criteria (e.g., date/results of last audit, financial exposure, operational stability, public exposure, complexity of operations, regulatory impact, key performance indicators and control environment) for each organizational unit. Risks are weighted based upon auditor judgment and information gathered from meetings with Senior Leadership within the Institution. Broad audit coverage is targeted with higher risk quotients being reviewed on a more frequent basis than less risk-intensive units.
Once developed, Internal Audit management reviews the plan with University and Medical Center leadership and presents the final plan to the Audit Committee of the Board of Trust.