Risk Assessment and Audit Planning Timeline


Data gathering and analysis


1) Campuses complete risk assessment model 

2) Campuses prepares draft plan


1) Campus audit committees approve draft plans

2) UC Office of Ethics, Compliance, and Audit Services (ECAS) consolidates draft plans


1) Consolidated draft plan presented to President’s Compliance and Audit Committee (PCAC) and The Regents

2) campuses assess current plan status

3) campuses revise draft plans


1) Campus audit committees approve final plans 

2) ECAS consolidates final plans


Consolidated final plan presented to The Regents

Audit Risk Assessment Methodology

  • Data gathering and analysis

    • Interviews with management and staff

    • Surveys

    • Campus risk assessments

    • Substantive financial analytical review

    • Data/trend analysis (complaints, inquiries, incidents, external reviews)

    • Global research (emerging issues in higher education, information technology, research, etc.)

  • Coordinate with compliance risk assessment process

  •  Operational Excellence

  • Complete Risk Assessment Model

  • Universe of Processes, Functions, Units

  • Scoring Universe Using Predictive Factors

Audit Process 

Audit Notification

  • Notification of intent to audit

  • Preliminary scheduling discussions and document requests

  • Establishing key client contacts

Preliminary Audit Survey

  • Conducting a risk assessment

  • Developing an audit program

Fieldwork Entrance Conference

  • Sharing the audit program with the client

  • Establishing protoccols and coordination for executive of fieldwork

Fieldwork Detailed Appraisal

  • Analytical reviews

  • Interviews

  • Detailed testing

  • Status updates on findings

Ending Fieldwork

  • Sharing preliminary results with client


  • Draft report

  • Obtaining management action plans

  • Exit meeting

  • Finalizing report


  • Client satisfaction survey

  • Monitoring completion of action plans

  • Reporting to campus audit committee and UCOP