Main Menu
About the Internal Audit Department
Types of Services
FAQs
Ethics and Compliance Hotline
(This hotline is independently operated to help ensure confidentiality)
What is Fraud?
Whistleblower Policy
What is Risk Assessment?
What is Internal Control?
Links of Interest
Policies Governing Internal Audit

Risk Assessment Concepts

When beginning a risk assessment, the manager should start by analyzing the two circumstances most likely to endanger unit objectives, change and inherent risk.

In evaluating the potential impact of risk, both quantitative and qualitative costs need to be addressed.

  1. Quantitative costs include the cost of property, equipment, or inventory; cash dollar loss; damage and repair costs, cost of defending a lawsuit, etc.
  2. Qualitative costs can have wide-ranging implications to the college. These costs may include:
    • Loss of public trust
    • Loss of future grants, gifts and donations
    • Injury to the school’s reputation
    • Increased legislation
    • Violation of laws
    • Default on a project
    • Bad publicity
    • Decreased enrollment

Change. The risk to reaching objectives increases dramatically during a time of change (turnover in personnel, rapid growth, or establishment of new services, for example). Some examples of circumstances that expose a business to increased risk are the following:

  • Changes in personnel, for example after a new administration,
  • New or revamped information systems, for example of BANNER for personnel and payroll reporting,
  • Rapid growth,
  • New programs or services,
  • Increased delegation of authority,
  • Reorganizations within or between state agencies

Additional situations which could pose a threat to your departments:

  • Assets with Alternative Uses (i. e., computers, electronic type items)
  • Cash Receipts (continuing education programs, gifts, endowments, special events, bookstore, athletic programs, performances, etc).
  • Consultant Payments and Other Payments for Services
  • Travel Expenditures
  • Equipment Delivered Directly to Department
  • Purchase Exemptions (sole source)
  • Payroll (rates, changes, terminations)
  • Software Licensing Issues
  • Intellectual Property
  • Confidential Information
  • Grants (meeting terms, not overspending)

The steps in the Risk assessment process:

Step 1 Assessment of your Operations

Ask yourself the following questions:

What can go wrong?
Where are we most vulnerable?
Where is our greatest exposure?
What types of transactions in our area provide the most risk?
Do we have "liquid" assets or assets which have alternative uses?
How can someone bypass the internal controls?
What potential risk areas could cause adverse publicity?
Are we utilizing “best Practices” in our business environment?
Are there risks to similar institutions that could occur at our school?
Where is the high volume or large dollar items under our control? Are they protected?

Step 2 Prioritizing the items from your assessment

One you’ve identified some of the risk factors, the next question should probably be:

  • How important is this risk?
  • How likely is it that this risk will occur?
  • How can we best manage or prevent this risk?

After assessing and prioritizing the financial and compliance risks (steps 1 and 2), the next step of the process is to identify the appropriate controls to manage the risks. Legitimate questions might be:

Step 3 Are there adequate controls in place to offset these risks

Are there other controls in existence that will “mitigate” this situation?
What do I need to do to “prevent” this risk?
Do I have the resources or staff abilities to address these concerns?
Do I need to contact our Internal Audit department for consultative services and/ or other assistance?

You should now have a “good idea” of items you need to be concerned about, their magnitude, AND how you can mitigate these concerns.

The College Wide Risk Assessment Questionnaire helps you consider other items as you make this assessment of your operation.

Back to Top