Risk Assessment and Audit Planning Timeline
January-February:
-
Data gathering and analysis
March:
-
Campuses complete risk assessment model
-
Campuses prepare a draft plan
March/April:
-
Campus audit committees approve draft plans
-
UC Office of Ethics, Compliance, and Audit Services (ECAS) consolidates draft plans
April/May:
-
The consolidated draft plan presented to President’s Compliance and Audit Committee (PCAC) and The Regents
-
Campuses assess current plan status
-
Campuses revise draft plans
May:
-
Campus audit committees approve final plans
-
ECAS consolidates final plans
July:
-
The consolidated final plan presented to The Regents
Audit Risk Assessment Methodology
-
Data gathering and analysis
-
Interviews with management and staff
-
Surveys
-
Campus risk assessments
-
Substantive financial analytical review
-
Data/trend analysis (complaints, inquiries, incidents, external reviews)
-
Global research (emerging issues in higher education, information technology, research, etc.)
-
Coordinate with compliance risk assessment process
-
Operational Excellence
-
Complete Risk Assessment Model
-
Universe of Processes, Functions, Units
-
Scoring Universe Using Predictive Factors
Audit Process
Audit Notification
-
Notification of intent to audit
-
Preliminary scheduling discussions and document requests
-
Establishing key client contacts
Preliminary Audit Survey
-
Conducting a risk assessment
-
Developing an audit program
Fieldwork Entrance Conference
-
Sharing the audit program with the client
-
Establishing protocols and coordination for the execution of fieldwork
Fieldwork Detailed Appraisal
-
Analytical reviews
-
Interviews
-
Detailed testing
-
Status updates on findings
Ending Fieldwork
-
Sharing preliminary results with the client
Reporting
-
Draft report
-
Obtaining management action plans
-
Exit meeting
-
Finalizing report
Follow-up
-
Client satisfaction survey
-
Monitoring completion of action plans
-
Reporting to the campus audit committee and UCOP