Audit Plan Process

On an annual basis, Internal Audit & Advisory Services assesses risk at the University based on an inventory of over 130 auditable entities (AE) across three AE types: Units, Processes, and IT. Each AE is assessed using a risk-based evaluation framework that incorporates various risk factors, interviews with senior leaders and stakeholders, control self-assessment surveys from academic units, Enterprise Risk Management considerations, and our internal data analysis.

Entities may be selected for any of the following reasons:

  • Significant financial transaction activity, including major grant or budget changes
  • Excessive time since the last review
  • Changes in personnel, especially senior leadership turnover
  • Compliance or regulatory changes directly impacting the entity
  • Benchmarking against peer institutions which highlights significant or emerging risks that may impact the entity

Once this evaluation is complete, we build an agile audit plan that allows for investigations or ad-hoc requests from management and can pivot to address any emerging risks throughout the year. We present this plan to the University’s Audit Committee for approval in April. Our team executes the annual plan through audit and advisory projects while fostering a collaborative environment and adding value to the units and departments we work with.

Audit Plan Graphic