Risk Assessment

On a six-month basis, Internal Audit will perform a risk assessment of the campus' auditable areas.  Auditable areas consist of academic and administrative departments, business operations, auxiliary components, and any other unit which has a piece in fulfilling the GCSU mission.  In each audit area, factors are used to determine the level of risk that area may pose to our campus.  Some of the factors that are used to assess risk within each audit area include:

  • Regulatory compliance and public scrutiny
  • Reliance on information technology
  • Dollar volume and liquidity
  • Organizational change and economic transition
  • Audit history

In addition to using the factors above to assess risk, management knowledge and auditor's judgment are also considered.  

Upon completion of the risk assessment, the areas which have a higher risk are presented to the campus president who makes a selection of audits to be performed for the upcoming fiscal year.  This is developed into the audit plan.  The audit plan is submitted each fiscal year to the chief audit officer of the Board of Regents who grants final approval.  The audit process is then followed for each planned area.