Office of Internal Audit

University of Mississippi

Risk Assessment

Annual audit plans are based on a periodic Risk Assessment. This assessment includes input from management and staff in identifying risks. Factors considered within the Risk Assessment include:

  •   Quality of the Control Environment
    • Have administrative personnel changes occurred within the department?
    • Have major program modifications occurred?
    • Have departmental procedural problems been noted by the departmental chair/director?
    • How long since last audit?
    • Are monthly reconciliations performed on all departmental revenues and expenditures (compare documents to SAP postings)?
  • Business Exposure
    • How many programs/areas are encompassed within department?
    • What is the amount of the total departmental budget?
    • What is the amount of total department revenue?
    • How many full time employees (FTE) for all programs/areas?
  • Public & Political Sensitivity
    • How sensitive is the department to bad media publicity?
    • How much effect could politics have on meeting departmental goals?
  • Compliance Requirements
    • Is the department governed by external regulations other than state law?
    • Does the department have external audits?
  • Degree of Reliance on Information Technology/Reporting
    • Are computer systems other than SAP operated within the department?
    • Does the department have any external reporting requirements?
    • Have procedures been established to backup data files, including the identification of all critical data files and programs on work stations and servers?
  • Management Concerns: Does management have any specific concerns regarding meeting departmental goals, fraud, departmental confidentiality, current operating procedures, etc?