Internal Audit Risk Assessment

Risk Assessment is the identification and analysis of risks to the achievement of an organization's objectives, for the purpose of determining how those risks should be managed. Risk assessment implies an initial determination of operating objectives, then a systematic identification of those activities or events that could prevent a business unit from reaching its objectives.. In other words, it's an analysis of what could go wrong.


A yearly review of the various business processes and financial reports coupled with senior management discussions results in the creation of the yearly Audit Plan which is presented and approved by the Audit Committee of the Board of Trustees.


What could go wrong, or what could prevent my business/school/department from achieving its goals?

• How do I determine how important it is?

• How much would it impact my area?

• How often could it occur?


Event Identification

How will you know that something has gone wrong?

When do you know that something has gone wrong?

How do you communicate the event to the right people at the right time?


Risk Response

Do you know what you need to do to address a potential problem?

How long should it take to correct?

Was the correction effective?


Who is responsible for Risk Assessments?

Internal Audit – to develop its plan

Management – to understand areas of weakness or opportunity

– Senior Management – Central, Enterprise Risk Management

– Middle Management – School

– Lower Management – Department, Division, Center, Business Area


Related Information: PriceWaterhouseCoopers A Practical Guide to Risk Assessment