Risk Assessment and Audit Planning Timeline
January-February:
Data gathering and analysis
March:
1) Campuses complete risk assessment model
2) Campuses prepares draft plan
March/April:
1) Campus audit committees approve draft plans
2) UC Office of Ethics, Compliance, and Audit Services (ECAS) consolidates draft plans
April/May:
1) Consolidated draft plan presented to President’s Compliance and Audit Committee (PCAC) and The Regents
2) campuses assess current plan status
3) campuses revise draft plans
May:
1) Campus audit committees approve final plans
2) ECAS consolidates final plans
July:
Consolidated final plan presented to The Regents
Audit Risk Assessment Methodology
-
Data gathering and analysis
-
Interviews with management and staff
-
Surveys
-
Campus risk assessments
-
Substantive financial analytical review
-
Data/trend analysis (complaints, inquiries, incidents, external reviews)
-
Global research (emerging issues in higher education, information technology, research, etc.)
-
Coordinate with compliance risk assessment process
-
Operational Excellence
-
Complete Risk Assessment Model
-
Universe of Processes, Functions, Units
-
Scoring Universe Using Predictive Factors
Audit Process
Audit Notification
-
Notification of intent to audit
-
Preliminary scheduling discussions and document requests
-
Establishing key client contacts
Preliminary Audit Survey
-
Conducting a risk assessment
-
Developing an audit program
Fieldwork Entrance Conference
-
Sharing the audit program with the client
-
Establishing protoccols and coordination for execution of fieldwork
Fieldwork Detailed Appraisal
-
Analytical reviews
-
Interviews
-
Detailed testing
-
Status updates on findings
Ending Fieldwork
-
Sharing preliminary results with client
Reporting
-
Draft report
-
Obtaining management action plans
-
Exit meeting
-
Finalizing report
Follow-up
-
Client satisfaction survey
-
Monitoring completion of action plans
-
Reporting to campus audit committee and UCOP