A district-wide risk assessment is completed annually by the Internal Auditor. All areas of the district are considered. The audit universe is comprised of the district's departments, processes, services, and/or functions.
Internal Audit will meet with each department/area head to review the Risk Assessment process. All department/area heads are required to complete a Risk Assessment. The risk assessment requires identifying the department/area goal, as well as the more significant risk or events that could prevent them from accomplishing those goals. Each risk is then assigned an Impact Score, to determine the impact if the risk was realized and a Likelihood Score to determine how likely it is that this risk will be realized. The Total Risk Score for each risk is computed by adding the Impact Score and the Likelihood Score.
Department/area heads submit the completed risk assessment to their supervisor for review. Internal Audit combines all department/area risk assessments to construct the Annual District Risk Assessment. The Relative Risk Ranking is calculated and used, along with the risks and controls noted in the Risk Assessment, by Audit Management to determine the areas that will be audited the following year. The Annual Audit Plan will reflect the audits determined from the risk assessment as well as audits that are required by District guidelines. The Annual Audit Plan will be reviewed and approved by the Governance Committee.
The same process is completed at a campus level to evaluate what areas will be audited during a campus audit. However, since all campuses are not audited every year, the campus risk assessment will be completed every 2-4 years.